34d376f62e7bf63c98b0152e949c580c

General

Target

34d376f62e7bf63c98b0152e949c580c
Size

135KB
MD5

34d376f62e7bf63c98b0152e949c580c
SHA1

e7b37ab59db86673cb474ed5894fc67c9f16c857
SHA256

24a13b047843cea9ac3e819c0c16acfd03757c65e494fba006630d5d02bb7de5
SHA512

6ffa8f99961cec0de8e0659cd603fa87f70c530a6f7564918942e8007720e5f29f8e8a054661df73eed0f68f38377d696e273e308db1b81e412ae61b119586e7
SSDEEP

3072:KKU9NRqDNH8gOAi0Gv7YHZE76VuLFUSfSEp:dxNH8gHi5YHaVLa7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34d376f62e7bf63c98b0152e949c580c

Files

34d376f62e7bf63c98b0152e949c580c
.dll windows:5 windows x86 arch:x86

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeCaptureSubjectContext
SeDeleteObjectAuditAlarm
CcDeferWrite
IoBuildPartialMdl
IoFreeIrp
SeTokenIsRestricted
IoCheckShareAccess
IoGetLowerDeviceObject
ZwCreateSection
ZwQuerySymbolicLinkObject
KeEnterCriticalRegion
FsRtlNotifyInitializeSync
IoGetInitialStack
IoWMIRegistrationControl
ZwOpenSymbolicLinkObject
KeReadStateTimer
IoDeviceObjectType
KeGetCurrentThread
RtlGetVersion
MmUnlockPages
IoGetDmaAdapter
RtlUnicodeStringToInteger
SeSetSecurityDescriptorInfo
RtlUpcaseUnicodeString
ExIsProcessorFeaturePresent
RtlIsNameLegalDOS8Dot3
CcGetFileObjectFromBcb
KeInitializeDeviceQueue
ObfReferenceObject
KeDetachProcess
MmCanFileBeTruncated
ObReferenceObjectByPointer
IoThreadToProcess
KeTickCount
IoGetAttachedDevice
IofCallDriver
IoGetDeviceInterfaceAlias
FsRtlDeregisterUncProvider
IoInitializeIrp
DbgBreakPoint
KeLeaveCriticalRegion
RtlCreateSecurityDescriptor
ZwOpenFile
KeInsertByKeyDeviceQueue
IoVerifyVolume
IoDeleteController
CcMdlRead

Exports

Exports

?IsNotPenEx@@YGPAFIGPAJG<V
?DeleteDirectory@@YGXEPAGME<V
?IsNotCommandLineW@@YGPAIGMPAF<V
?PutMessageEx@@YGMPA_N<V
?PutObject@@YGPADFPAMPAJPA_N<V
?EnumConfigExW@

Sections

.text
Size: 63KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 83KB

.text
Size: 63KB - Virtual size: 83KB