free
malloc
Static task
static1
1 signatures
General
-
Target
NEAS.cd84feb60ef1c04cff8934cb6b8f5b10_JC.exe
-
Size
282KB
-
MD5
cd84feb60ef1c04cff8934cb6b8f5b10
-
SHA1
2fe1b83438457a9f4e33e759de4d7fb91efd7c82
-
SHA256
711513dd2c1d04b34839bd43854184cb5141208cb1651f4f84edf6140e756252
-
SHA512
ac2b0af4c118339084426647cbcbcb8b3c00e956ff75be25c4959ae10660a034c8eb2caf47b9e518e39dc37b2a03525091de909f3ab6008c294328e55ba67685
-
SSDEEP
3072:p84KnBTmxjV47X/oeKeMVZha3hAkwSUS/iqk7EN0d8D2tYtYT+91iz1GFwx5NDla:OBmxmXgbkWSaqZN0t4YTlwkLlEJD
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.cd84feb60ef1c04cff8934cb6b8f5b10_JC.exe
Files
-
NEAS.cd84feb60ef1c04cff8934cb6b8f5b10_JC.exe.sys windows:5 windows x86
75f867a10360d6c1416781e3f2788376
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePool
_purecall
KeSetEvent
KeResetEvent
KeInitializeEvent
KeInitializeSemaphore
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
ZwWriteFile
IoFreeIrp
KeWaitForSingleObject
IoCancelIrp
KeClearEvent
KeCancelTimer
KeSetTimer
IofCallDriver
KeInitializeDpc
KeInitializeTimerEx
IoIsWdmVersionAvailable
ZwReadFile
ZwQueryInformationFile
DbgPrint
KeReleaseSemaphore
KeDelayExecutionThread
ZwEnumerateValueKey
IoOpenDeviceRegistryKey
wcscat
wcscpy
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
KeQuerySystemTime
RtlCompareMemory
IoInitializeIrp
IoAllocateIrp
ObfDereferenceObject
RtlTimeToTimeFields
ObReferenceObjectByHandle
PsCreateSystemThread
IoFreeWorkItem
ExQueueWorkItem
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoQueueWorkItem
IoAllocateWorkItem
KeReadStateSemaphore
PoRequestPowerIrp
KeSetTimerEx
KeTickCount
KeBugCheckEx
RtlUnwind
ks.sys
KsInitializeDriver
KsCreateFilterFactory
KsGetDevice
KsStreamPointerUnlock
KsPinGetLeadingEdgeStreamPointer
KsAcquireDevice
KsPinAttemptProcessing
KsPinRegisterPowerCallbacks
_KsEdit
KsGetDeviceForDeviceObject
KsAddItemToObjectBag
KsPinGetReferenceClockInterface
KsReleaseDevice
usbd.sys
USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx
Exports
Exports
Sections
.text Size: 235KB - Virtual size: 235KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 896B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 128B - Virtual size: 83B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ