8a07097697f7fca4f0b510a6a0ea44b0c3c03bd08e2abbb5addb94b3daec0e45

Sharing

Copy URL

Twitter E-mail

General

Target

8a07097697f7fca4f0b510a6a0ea44b0c3c03bd08e2abbb5addb94b3daec0e45
Size

947KB
MD5

6ddbb70e3dc407ba32ee92d4315ef4aa
SHA1

95b5f5ed6a04db5dbad85e1bbb466743b6715d2e
SHA256

8a07097697f7fca4f0b510a6a0ea44b0c3c03bd08e2abbb5addb94b3daec0e45
SHA512

8c527a01c744c8f610fe3b589db1b0ec29a444c20a19dec3e216b1eb69fda0944cc67c1eff43c15afec1a0430b441c0a92a8f1d4c2ad7d7827a76095fb53334c
SSDEEP

24576:KZdzot0qLtDsq1vWhhG3V8sazIYuSW5zfpkyoPiePi8FxXxtLOOqxam:6dLqpsqVWhYF83TulpHLMxB0am

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a07097697f7fca4f0b510a6a0ea44b0c3c03bd08e2abbb5addb94b3daec0e45

Files

8a07097697f7fca4f0b510a6a0ea44b0c3c03bd08e2abbb5addb94b3daec0e45
.sys windows:6 windows x64

b2371fb43f1d29de7f34e9f5b5af29f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_wcsnicmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

tdi.sys

TdiMapUserRequest

hal

KeQueryPerformanceCounter

Exports

Exports

DeleteServicesReg
GenRandSvcAndDrvName2

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 941KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2371fb43f1d29de7f34e9f5b5af29f3

Headers

File Characteristics

Imports

ntoskrnl.exe

tdi.sys

hal

Exports

Exports

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 113KB

.pdata Size: - Virtual size: 3KB

.edata Size: - Virtual size: 116B

INIT Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 1.1MB

.vmp1 Size: 941KB - Virtual size: 941KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 113KB

.pdata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 116B

INIT
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 1.1MB

.vmp1
Size: 941KB - Virtual size: 941KB

.reloc
Size: 512B - Virtual size: 12B