2286b78d4698512e76c67e7bc3244bdc

General

Target

2286b78d4698512e76c67e7bc3244bdc
Size

18KB
MD5

2286b78d4698512e76c67e7bc3244bdc
SHA1

5b11e0765ff2ba6b52e2ed0bf1ed4dddd6e92dc6
SHA256

6b1bc4f5b05458c810e19990571e689439c77bbfceee196b26f851a2a02b75d4
SHA512

4e9dcb13dad76b58d0d2c8678cd4008de37dd8bf887f211821e87843121d6d3053f78b9369a1cea94ebb91dc2ef0ad7d710b80102b3107fae788d6bd093202e7
SSDEEP

384:o+MrWPBF2JuF6Fui2eMwHbZ7wvyyShEwkwUqXLKnyYMDuT2pQH0PBGzPqteX119b:o+pPyo4cv6ur0pS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2286b78d4698512e76c67e7bc3244bdc

Files

2286b78d4698512e76c67e7bc3244bdc
.sys windows:5 windows x86 arch:x86

e24346064d37401a267984021d2bfdf6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IoCreateSymbolicLink
RtlFreeUnicodeString
ZwQuerySystemInformation
RtlInitUnicodeString
MmUserProbeAddress
ZwReadFile
ZwWriteFile
ZwCreateFile
ZwQueryInformationProcess
ZwPulseEvent
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink
_strupr
_strlwr
strrchr
ZwClose
IofCompleteRequest
_stricmp
IoCreateDevice
_except_handler3

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t1ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e24346064d37401a267984021d2bfdf6

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 864B - Virtual size: 864B

.data Size: 7KB - Virtual size: 7KB

.t1ata Size: 512B - Virtual size: 512B

.rata Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 634B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 864B - Virtual size: 864B

.data
Size: 7KB - Virtual size: 7KB

.t1ata
Size: 512B - Virtual size: 512B

.rata
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 634B