2f4a41b98b9c50aeb51db0eef9cec8d0

General

Target

2f4a41b98b9c50aeb51db0eef9cec8d0
Size

21KB
MD5

2f4a41b98b9c50aeb51db0eef9cec8d0
SHA1

a5aee295c586cdbb32e5dee35705d5b869479be0
SHA256

a9bf5dc2e1eb7edf7d93a790f79ba773eafbdf5a9bff1d329fe60639ecfaf6db
SHA512

3d9bea256f40c9573ed3f9bc48e435d5e88bd27357a298f532a9caecf2d50758bbf8627d306a571de2f781c8bd67c23199967f21aa3ba399544f62d6f697544a
SSDEEP

384:GcqXeJ4ikKcA7tls/dLzt+xusjITbBZF7PW5QKGNAgnEx:GJCfkKX3s/Vzt+xumITFZFrWDs5Ex

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f4a41b98b9c50aeb51db0eef9cec8d0

Files

2f4a41b98b9c50aeb51db0eef9cec8d0
.sys windows:6 windows x86 arch:x86

b351a7ca275e86eb27a03b750312d4b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

NtBuildNumber
RtlInitUnicodeString
memset
PsLookupProcessByProcessId
IofCompleteRequest
ExFreePoolWithTag
ZwClose
ExAllocatePool
_except_handler3
memcpy
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
ZwQuerySystemInformation
ObReferenceObjectByHandle
ZwOpenThread
ObfReferenceObject
ObfDereferenceObject
IoFreeMdl
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
wcsncmp
ObOpenObjectByName
wcsstr
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExAllocatePoolWithTag
MmIsAddressValid
IoRegisterFsRegistrationChange
KeInitializeMutex
IoAllocateMdl

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b351a7ca275e86eb27a03b750312d4b2

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 428B

.data Size: 14KB - Virtual size: 14KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 842B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 428B

.data
Size: 14KB - Virtual size: 14KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 842B