067373e99265fedb9b64cc4b716262c0

General

Target

067373e99265fedb9b64cc4b716262c0
Size

22KB
MD5

067373e99265fedb9b64cc4b716262c0
SHA1

ef849cb025b2378ddf89c351821763fa61981961
SHA256

16a76597e7505843c29403883dbc8a64dda19ef2236d17b4cbe7732bf3ef367c
SHA512

f1d87fffded44c27bb3a34608ba7c87d66095367b4cc860feefc3047bb440d12e510610f27544870a4bb12afcc9167c24d6f3a44c3ea75423e5fa6f60472d3bd
SSDEEP

384:HHnWcKEN0666aKN8GTpKCmEXkCvRI+Hl9Nms6RJJr7wn5GTpKCm:HHWcp8GTpKCmEUC/H4le5GTpKCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
067373e99265fedb9b64cc4b716262c0

Files

067373e99265fedb9b64cc4b716262c0
.sys windows:5 windows x86 arch:x86

c6227215645f161a640b66cdac507f50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
ExAllocatePoolWithTag
ExFreePool
IoSetDeviceInterfaceState
KeSetEvent
InterlockedDecrement
KeInitializeEvent
InterlockedIncrement
RtlQueryRegistryValues
memmove
wcslen
RtlFreeUnicodeString
KeInitializeSpinLock
IoCreateDevice
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
PoRequestPowerIrp
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoCancelIrp
IoBuildPartialMdl
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KfAcquireSpinLock

usbd.sys

USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vtwl
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6227215645f161a640b66cdac507f50

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 319B

INIT Size: 1KB - Virtual size: 1KB

.vtwl Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 436B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 319B

INIT
Size: 1KB - Virtual size: 1KB

.vtwl
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 436B