18a0b660eb74e809b9fced7a4daa5920

General

Target

18a0b660eb74e809b9fced7a4daa5920
Size

15KB
MD5

18a0b660eb74e809b9fced7a4daa5920
SHA1

068b48e8b04b9c4d31aa5b353a006c46f0f0fe62
SHA256

39eed89d243b96d27355695f24eb853bd21960e9404ed423083590b8593488c9
SHA512

6b98c69f5fba255cf1402ea406610120ab66e07faa8ab18b3f5ab474db45c50c3e3c4beb5ebb35854ad528c22e5b83a7a454ba243e7e5014120dba12d603c330
SSDEEP

384:TSBroRtxGWswd5BD13vAR/PGN56yx8XWAQW6:T3Rtbs0HzNss8z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18a0b660eb74e809b9fced7a4daa5920

Files

18a0b660eb74e809b9fced7a4daa5920
.sys windows:5 windows x86 arch:x86

80593df224fe5516b8e3ab5e61af2b50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
towlower
wcscat
wcscpy
wcsrchr
PsTerminateSystemThread
KeDelayExecutionThread
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlQueryRegistryValues
ExFreePoolWithTag
ZwOpenKey
ZwEnumerateKey
ObfDereferenceObject
ZwWaitForSingleObject
ObOpenObjectByPointer
PsProcessType
_wcsnicmp
wcslen
ExAllocatePoolWithTag
RtlGetVersion
_strnicmp
IoGetCurrentProcess
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
ZwWriteFile
ZwDeleteFile
DbgPrint
KeServiceDescriptorTable
_stricmp
RtlUnicodeStringToAnsiString

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 828B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80593df224fe5516b8e3ab5e61af2b50

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 256B - Virtual size: 140B

.data Size: 5KB - Virtual size: 5KB

INIT Size: 896B - Virtual size: 828B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 620B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 256B - Virtual size: 140B

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 896B - Virtual size: 828B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 620B