1832d1cfaadc8eb3ccb5069466004079

General

Target

1832d1cfaadc8eb3ccb5069466004079
Size

22KB
MD5

1832d1cfaadc8eb3ccb5069466004079
SHA1

714bb41d6dd814854e96203dd8e4705d07df2e7c
SHA256

536d2561deac853c916bc6212f5579f531241e9958def7c6da8f8d6f8cf03663
SHA512

d386d0cf0cfb13468cf3cb6aefd4fa83df39cffe0ad04aac1698a2b03b1de5d05ec233ee06e9cda34dc00d51dfe58551fed4559760b5df16102735b67c786b59
SSDEEP

384:0G8l505xUqxNGppr0jriNTm/H29XQIhrpRPt7uBXZoUWKQNWfj+pp:0dk7GpB0ACvyXQ4Rl7sSK86+p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1832d1cfaadc8eb3ccb5069466004079

Files

1832d1cfaadc8eb3ccb5069466004079
.sys windows:5 windows x86 arch:x86

c6227215645f161a640b66cdac507f50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
ExAllocatePoolWithTag
ExFreePool
IoSetDeviceInterfaceState
KeSetEvent
InterlockedDecrement
KeInitializeEvent
InterlockedIncrement
RtlQueryRegistryValues
memmove
wcslen
RtlFreeUnicodeString
KeInitializeSpinLock
IoCreateDevice
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
PoRequestPowerIrp
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoCancelIrp
IoBuildPartialMdl
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KfAcquireSpinLock

usbd.sys

USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gbzj
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6227215645f161a640b66cdac507f50

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 320B

INIT Size: 1KB - Virtual size: 1KB

.gbzj Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 436B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 320B

INIT
Size: 1KB - Virtual size: 1KB

.gbzj
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 436B