deecca6dfa98e88f4745007727343002a92ae40b1e5da723d8df78994a30e28f[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

deecca6dfa98e88f4745007727343002a92ae40b1e5da723d8df78994a30e28f.exe
Size

12.0MB
MD5

72519afeb9bc01d3d3502171753b34b4
SHA1

9bf5f6fbb9c477c9df5c05e9d849e8565eee5507
SHA256

deecca6dfa98e88f4745007727343002a92ae40b1e5da723d8df78994a30e28f
SHA512

0ba8e403b541beaf9d3c8bced3fef1e5cc14a4276e2d66364b92d3ad5065b80bd7ce84d758848ac6087dd2eddc61900c955a475fd5d03a88d70c7ef2a1bb342f
SSDEEP

196608:M91Q3wgOxGgBmzoG9Q0RgUv2sjc46gMagvjJUq6NwScRZT5CwGs8uai+JbrgzJ+K:MMwgOx9mMG2l81jb1YjZ6y4w7aFbrLk3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deecca6dfa98e88f4745007727343002a92ae40b1e5da723d8df78994a30e28f.exe

Files

deecca6dfa98e88f4745007727343002a92ae40b1e5da723d8df78994a30e28f.exe
.sys windows:10 windows x64 arch:x64

932c8c10f269ad915e39a2b4f3563392

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

DbgPrintEx
NtQuerySystemInformation
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ISRAEL0
Size: - Virtual size: 16.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ISRAEL1
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ISRAEL2
Size: 27.4MB - Virtual size: 27.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

932c8c10f269ad915e39a2b4f3563392

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 128B

.pdata Size: - Virtual size: 240B

INIT Size: - Virtual size: 292B

ISRAEL0 Size: - Virtual size: 16.9MB

ISRAEL1 Size: 1024B - Virtual size: 656B

ISRAEL2 Size: 27.4MB - Virtual size: 27.4MB

.reloc Size: 512B - Virtual size: 264B

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 128B

.pdata
Size: - Virtual size: 240B

INIT
Size: - Virtual size: 292B

ISRAEL0
Size: - Virtual size: 16.9MB

ISRAEL1
Size: 1024B - Virtual size: 656B

ISRAEL2
Size: 27.4MB - Virtual size: 27.4MB

.reloc
Size: 512B - Virtual size: 264B