05476656040363bb9f134e9bbd44b87d

Sharing

Copy URL Twitter E-mail

General

Target

05476656040363bb9f134e9bbd44b87d
Size

22KB
MD5

05476656040363bb9f134e9bbd44b87d
SHA1

5f7cd6a97cdc5fe2877d208e5aceb8b09a6df66c
SHA256

e8fe164e4204fc0ec06168baed8ecd4078e7b2d75d029cc761d387796db700d8
SHA512

24fc435ad397d9ca652484e76be6beaae63267026397d8718858678299cb7183e4b8252d555a491e0914361c6899992f545bd7917bd71529cf9167c0504f27ec
SSDEEP

384:EyVRMLwnkciTuocBnKzrDRWT8o1WyXBPOmS+hcTMWT8o1WyXBPOm:OwFh/soRXBPX02oRXBPX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05476656040363bb9f134e9bbd44b87d

Files

05476656040363bb9f134e9bbd44b87d
.sys windows:5 windows x86 arch:x86

c01a47d0f75be669839ccdcbf34d4ec1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoReleaseRemoveLockEx
PoCallDriver
PoSetPowerState
IofCompleteRequest
PoStartNextPowerIrp
IoAcquireRemoveLockEx
ExFreePoolWithTag
IofCallDriver
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
KeInitializeSpinLock
RtlCopyUnicodeString
ExAllocatePoolWithTag
strchr
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
KeSetEvent
ObfDereferenceObject
IoWMIQueryAllData
IoWMIOpenBlock
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
wcslen
RtlQueryRegistryValues
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
MmUnmapIoSpace
MmMapIoSpace
ZwClose
ZwSetValueKey
RtlEqualUnicodeString
RtlIntegerToUnicodeString
KeTickCount
KeBugCheckEx
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoInitializeRemoveLockEx
RtlInitAnsiString
IoWMIRegistrationControl

hal

KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 749B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ciel
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 818B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c01a47d0f75be669839ccdcbf34d4ec1

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 768B - Virtual size: 749B

.data Size: 1024B - Virtual size: 916B

PAGE Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.ciel Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 818B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 768B - Virtual size: 749B

.data
Size: 1024B - Virtual size: 916B

PAGE
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.ciel
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 818B