3d75ee0461e780feb2b333362fad413b

General

Target

3d75ee0461e780feb2b333362fad413b
Size

38KB
MD5

3d75ee0461e780feb2b333362fad413b
SHA1

c41666754bacbcc42472af2f7a12950c602b88f1
SHA256

e7c875b82170e1f5635529f90bc6038e6613b01b33333814d57190f16ee0ba0c
SHA512

2502f2c0119cefd31aafbcd5f7c972c68e457b1cae50b8c63f3220a84809330301bd29bdcbe40e3eaaf57efaccc188aafc0e63791f0650f5b7afa15992727af8
SSDEEP

768:YU2UIqmTiMFrKvKPDQUio7/GyC9K1mCHiQj2TJb8NRe9vLtppbm:dNIqmT/RP0u7OyCVCCD9b5ZLvpbm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d75ee0461e780feb2b333362fad413b

Files

3d75ee0461e780feb2b333362fad413b
.sys windows:4 windows x86 arch:x86

14be923ea706f8abfe7aa84625c63318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsicmp
wcsncpy
wcslen
wcsrchr
IofCompleteRequest
_snwprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
ZwCreateKey
swprintf
ZwSetValueKey
_wcsnicmp
ZwQueryValueKey
strncpy
PsLookupProcessByProcessId
_stricmp
strncmp
IoGetCurrentProcess
wcsstr
_wcslwr
ZwDeleteKey
ZwOpenKey
KeDelayExecutionThread
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
MmIsAddressValid
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
ZwCreateFile
ExFreePool
_snprintf
RtlCompareUnicodeString
MmGetSystemRoutineAddress
wcschr
ObfDereferenceObject
RtlCopyUnicodeString
ZwSetInformationFile
ObReferenceObjectByHandle
KeTickCount
KeQueryTimeIncrement
IoDeviceObjectType
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
PsCreateSystemThread

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 68B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14be923ea706f8abfe7aa84625c63318

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 5B

PAGE Size: 96B - Virtual size: 68B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 5B

PAGE
Size: 96B - Virtual size: 68B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB