2194bd35d1d875f33f5bf1c0769cdc95

Sharing

Copy URL Twitter E-mail

General

Target

2194bd35d1d875f33f5bf1c0769cdc95
Size

181KB
MD5

2194bd35d1d875f33f5bf1c0769cdc95
SHA1

ad8af6eb7066e42e9ddfc61c35992b3627355078
SHA256

3f463f2a8a4ce29dd6f573f39f251be8f52f0b9773c8b812220269718f109ce9
SHA512

b84baac48caf4238b17430346f3085b654c988007ef03733a6d3cf9aa1bfb76a719c4084494ec5985bebe19e9c774ce64cdb61b8e9378453bfcaa0d7bee6c11a
SSDEEP

3072:dqu+hbfmF/jEJRU9oOQqb9IcFsN+msn8REcitf0+R3TKEUx41eR:dqu+pVJRwQq18REztfDRDEM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2194bd35d1d875f33f5bf1c0769cdc95

Files

2194bd35d1d875f33f5bf1c0769cdc95
.dll windows:5 windows x86 arch:x86

3a5071b44a0731308275895bd00b5e4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmMapIoSpace
KeInsertHeadQueue
ZwEnumerateKey
ZwReadFile
RtlEqualUnicodeString
RtlEqualString
RtlInitUnicodeString
RtlInitString
RtlSetAllBits
RtlFindLastBackwardRunClear
CcCopyWrite
RtlCreateRegistryKey
RtlTimeToTimeFields
IoCreateFile
IoStartPacket
RtlxUnicodeStringToAnsiSize
RtlxUnicodeStringToOemSize

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itab
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.etab
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msd3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msd1
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msd2
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msd4
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a5071b44a0731308275895bd00b5e4e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 10KB - Virtual size: 9KB

.itab Size: 512B - Virtual size: 72B

.idata Size: 512B - Virtual size: 474B

.etab Size: 512B - Virtual size: 512B

.msd3 Size: 512B - Virtual size: 28B

.msd1 Size: 512B - Virtual size: 140B

.msd2 Size: 512B - Virtual size: 140B

.msd4 Size: 512B - Virtual size: 288B

.data Size: 1KB - Virtual size: 42KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 1024B - Virtual size: 632B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 10KB - Virtual size: 9KB

.itab
Size: 512B - Virtual size: 72B

.idata
Size: 512B - Virtual size: 474B

.etab
Size: 512B - Virtual size: 512B

.msd3
Size: 512B - Virtual size: 28B

.msd1
Size: 512B - Virtual size: 140B

.msd2
Size: 512B - Virtual size: 140B

.msd4
Size: 512B - Virtual size: 288B

.data
Size: 1KB - Virtual size: 42KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 1024B - Virtual size: 632B