fc4ef20346c3091abf6c286baf4fbd432461bf71c4f9e74121f64ff0bd78bd9c

Sharing

Copy URL Twitter E-mail

General

Target

fc4ef20346c3091abf6c286baf4fbd432461bf71c4f9e74121f64ff0bd78bd9c
Size

65KB
MD5

948e1e2bd6b1906b8e722d9fa9a91ea2
SHA1

a16bb2d8a7d48b321572756792b1ab741fa44c6e
SHA256

fc4ef20346c3091abf6c286baf4fbd432461bf71c4f9e74121f64ff0bd78bd9c
SHA512

7a5e5aecb23acb213a66a2db959e019a5ae9c7caef2648702dbb60b3683bd8623fb052defa818b583d8cc91f0cd8b83589817f0957db68ce663ce12f7cd30901
SSDEEP

1536:I0Lged9ynbLVvYApc7/vb75doW/P6yLv5AojQfFt/:I0ked9ynFvYJ/vb7boW6yLv4T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc4ef20346c3091abf6c286baf4fbd432461bf71c4f9e74121f64ff0bd78bd9c

Files

fc4ef20346c3091abf6c286baf4fbd432461bf71c4f9e74121f64ff0bd78bd9c
.dll windows:5 windows x64

646ff19421bd53a239b88997d5a846f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePoolWithTag
strlen
ExAllocatePool
RtlCompareMemory
ZwClose
ZwWriteFile
ZwReadFile
ExAllocatePoolWithTag
ZwCreateFile
ZwDeleteFile
RtlInitUnicodeString
wcscat
wcscpy
ZwSetInformationFile
wcslen
ZwQueryInformationFile
ZwQueryDirectoryFile
IoCreateFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQueryTimeIncrement
ZwDeleteKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
ZwEnumerateKey
ZwQueryKey
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQueryValueKey
__C_specific_handler
atoi
strstr
_vsnprintf
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetLowerDeviceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
KeSetEvent
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoFreeMdl
MmIsAddressValid
PsGetVersion
MmGetSystemRoutineAddress
rand
srand
CmUnRegisterCallback
CmRegisterCallback
RtlCompareUnicodeString
ZwCreateKey
RtlQueryRegistryValues
MmSystemRangeStart
_itoa_s
PsCreateSystemThread
IoCreateSymbolicLink
RtlUnicodeStringToAnsiString
_vsnwprintf
IoCreateDevice
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
IofCompleteRequest
ObQueryNameString
RtlFreeAnsiString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcess
ZwQuerySystemInformation
KeUnstackDetachProcess
ObSetHandleAttributes
PsInitialSystemProcess
IoGetCurrentProcess
KeStackAttachProcess
PsLookupProcessByProcessId

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

646ff19421bd53a239b88997d5a846f4

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 36B