1f9483dd2bfe47320979619fcbc2ff2f

General

Target

1f9483dd2bfe47320979619fcbc2ff2f
Size

41KB
MD5

1f9483dd2bfe47320979619fcbc2ff2f
SHA1

acb67937d536f04e41ef59e91d4e9fc26c00601b
SHA256

35dde0252fc002818f96d89ec04043fc8bab717e988de77bb78bab2754763935
SHA512

ef8269e2cd395f268fff99dca68778966f9c7820bd3fb75520527525ea59a545fa2e97f3c94b816ff0232ea0657cc8a1c2e2c6e21783924187541a37e6d51b22
SSDEEP

768:DDa1ozVyJAYBzocV/iohlFG3+vMsoWpKYKP4XYFT6hS8ybSb:DDCoYJDzoWqwI+0ypKYuNohxybu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f9483dd2bfe47320979619fcbc2ff2f

Files

1f9483dd2bfe47320979619fcbc2ff2f
.sys windows:5 windows x86 arch:x86

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlUpcaseUnicodeString
IoBuildSynchronousFsdRequest
RtlCompareString
ExAllocatePool
RtlPrefixUnicodeString
RtlUpperString
IofCallDriver
KeClearEvent
ObGetObjectSecurity
MmMapLockedPages
VerSetConditionMask
PoUnregisterSystemState
KeSetEvent
IoVerifyPartitionTable
KeInitializeEvent
ZwDeleteValueKey
RtlInitString
MmBuildMdlForNonPagedPool
PoRequestPowerIrp
ZwSetInformationFile
ZwUnloadDriver
PoSetPowerState
ZwMakeTemporaryObject
PoStartNextPowerIrp
ZwEnumerateValueKey
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwFlushKey
IoSetPartitionInformationEx
ZwCancelTimer
PoCallDriver
ObfReferenceObject
ZwTerminateProcess
ZwDeleteKey
ZwOpenSection
ZwLoadDriver
ZwOpenKey
memset
memcpy

Exports

Exports

_CreateCompressedBuffer@0
_WriteCompressedBuffer@4

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ecode Size: 512B - Virtual size: 413B

.data Size: - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 230B

.text
Size: 3KB - Virtual size: 2KB

.ecode
Size: 512B - Virtual size: 413B

.data
Size: - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 230B