a0bf4ec56c638b8aff9413e36454e54c7a6cfe906ba80fbc17cd3046e0a51c28

Sharing

Copy URL Twitter E-mail

General

Target

a0bf4ec56c638b8aff9413e36454e54c7a6cfe906ba80fbc17cd3046e0a51c28
Size

151KB
MD5

db45063d3071962575951755e2e2991c
SHA1

3268182e190b13664e3533287df5a5e2288e3c57
SHA256

a0bf4ec56c638b8aff9413e36454e54c7a6cfe906ba80fbc17cd3046e0a51c28
SHA512

93e0bc88c393a80b693d5f3e7bcc58691ccd5bd13f94e01f4ee5346ea7d78e651d0cbd24144c2b1bf51aa4b4d18468f833e0d08569619b1284a6bd777d2c2b3f
SSDEEP

3072:pBz6SeaDP7MwZ46B22lnvMIsJJj+QST5QlDdFL5sxljUbG/K/axF+KehJ5KRQAHL:pBz6SxMwZRiWRfoC4iV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0bf4ec56c638b8aff9413e36454e54c7a6cfe906ba80fbc17cd3046e0a51c28

Files

a0bf4ec56c638b8aff9413e36454e54c7a6cfe906ba80fbc17cd3046e0a51c28
.sys windows:6 windows x86 arch:x86

dbaf51b1d2cd19966e2aff937989dbc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeQuerySystemTime
_strnicmp
_stricmp
strstr
_strlwr
FsRtlInitializeFileLock
ExInitializeResourceLite
RtlInsertElementGenericTable
DbgPrint
RtlCompareMemory
PsGetProcessId
RtlLookupElementGenericTable
MmCanFileBeTruncated
ObReferenceObjectByHandle
IoFileObjectType
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
CcSetFileSizes
CcSetDirtyPageThreshold
CcInitializeCacheMap
IoGetCurrentProcess
KeUnstackDetachProcess
ZwCreateFile
KeStackAttachProcess
KeSetEvent
_allrem
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ExDeleteNPagedLookasideList
ExAcquireResourceSharedLite
RtlInitializeGenericTable
ExInitializeNPagedLookasideList
KeInitializeSemaphore
KdEnableDebugger
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
CcCopyRead
CcMdlRead
FsRtlFastCheckLockForRead
CcMdlReadComplete
CcCopyWrite
_wcsupr
CcCanIWrite
ExAcquireSharedStarveExclusive
FsRtlFastCheckLockForWrite
CcMdlWriteComplete
ZwWaitForSingleObject
ZwReadFile
ZwWriteFile
wcschr
ZwQueryInformationFile
KeBugCheck
RtlIntegerToUnicodeString
RtlUnicodeStringToInteger
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
KeReleaseSemaphore
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlUnicodeToMultiByteN
IoFreeIrp
IofCallDriver
IoAllocateIrp
IoGetRelatedDeviceObject
KeDelayExecutionThread
FsRtlPrivateLock
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
IoBuildDeviceIoControlRequest
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
PsRevertToSelf
ZwFsControlFile
ZwSetInformationFile
IoCreateFile
ExfInterlockedAddUlong
PsImpersonateClient
PsTerminateSystemThread
PsDereferencePrimaryToken
PsReferencePrimaryToken
ZwCreateEvent
KeTickCount
KeBugCheckEx
RtlUnwind
wcsncmp
RtlInitUnicodeString
_wcsnicmp
ZwOpenSymbolicLinkObject
ZwClose
ExAllocatePool
ZwQuerySymbolicLinkObject
_alldiv
ExAllocatePoolWithTag
strncpy
PsGetProcessCreateTimeQuadPart
_vsnwprintf
_vsnprintf
KeGetCurrentThread
memset
memcpy
ObfDereferenceObject
ExFreePoolWithTag
FsRtlUninitializeFileLock
FsRtlTeardownPerStreamContexts
ExDeleteResourceLite
RtlDeleteElementGenericTable
InterlockedPushEntrySList
InterlockedPopEntrySList
CcFlushCache
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
FsRtlFastUnlockAll
ExReleaseResourceLite
CcPurgeCacheSection
MmFlushImageSection
MmForceSectionClosed
KeInitializeEvent
CcUninitializeCacheMap
KeLeaveCriticalRegion
CcPrepareMdlWrite
KeWaitForSingleObject

hal

KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock

fltmgr.sys

FltCreateFile
FltClose
FltQueryInformationFile
FltReadFile
FltSendMessage
FltIsOperationSynchronous
FltWriteFile
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltLockUserBuffer
FltCompletePendedPreOperation
FltFreeDeferredIoWorkItem
FltRegisterFilter
FltStartFiltering
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltGetDestinationFileNameInformation
FltSetInformationFile
FltFlushBuffers
FltGetRequestorProcessId
FltGetFileNameInformation
FltParseFileNameInformation
FltSetCallbackDataDirty
FltReleaseFileNameInformation
FltGetRequestorProcess
FltGetDiskDeviceObject

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbaf51b1d2cd19966e2aff937989dbc7

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 18KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 18KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 8KB