340bfff424c04df5531b6907fa24eb63

Sharing

Copy URL Twitter E-mail

General

Target

340bfff424c04df5531b6907fa24eb63
Size

693KB
MD5

340bfff424c04df5531b6907fa24eb63
SHA1

0a3529848931c4d2b4c64d3c2efea8499720a1a3
SHA256

00816b3e9f84b896b8049cd5b11fa136543e325b43fd0f9d1d81326efee09c32
SHA512

1602ec3e844555676b1cc9a6a652952f2160fd00531df2e9aec5a86fe0119974250145ddd78bfbd70b14a566e36059af4d5e94cdcfa9bc399b98b27871561356
SSDEEP

6144:21GXcSzSAK35+Hfnf8cOlnmMXHj6iBbZx0/V4tIkvH5RUzO5oseeeeeeqbLHX9VQ:22cSt8bHndxWPnFgGPnFg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
340bfff424c04df5531b6907fa24eb63

Files

340bfff424c04df5531b6907fa24eb63
.sys windows:4 windows x86 arch:x86

309bc0e8318655030b318d4ab8cc3346

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortInitialize
VideoPortGetAccessRanges
VideoPortMapMemory
VideoPortZeroMemory
VideoPortInt10
VideoPortSetTrappedEmulatorPorts
VideoPortCompareMemory
VideoPortFreeDeviceBase
VideoPortGetDeviceBase
VideoPortGetBusData
VideoPortUnmapMemory
VideoPortWriteRegisterUchar
VideoPortSetRegistryParameters
VideoPortSynchronizeExecution
VideoPortReadRegisterUlong
VideoPortWriteRegisterUlong
VideoPortReadRegisterUchar

ntoskrnl.exe

ObReferenceObjectByHandle
ZwUnmapViewOfSection
ZwMapViewOfSection
RtlUnwind
RtlInitUnicodeString
ZwOpenSection
ZwClose
ExAllocatePoolWithTag
ExFreePool
MmUnmapLockedPages
MmGetPhysicalAddress
KeQuerySystemTime
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeDelayExecutionThread
KeSetEvent
MmUnmapIoSpace
MmMapIoSpace
MmBuildMdlForNonPagedPool
MmFreeContiguousMemory
MmAllocateContiguousMemory
MmMapLockedPages
MmUnlockPages
IoFreeMdl
IoAllocateMdl
MmProbeAndLockPages
RtlTimeToTimeFields

hal

HalGetBusDataByOffset
HalSetBusData
HalSetBusDataByOffset
HalGetBusData

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

309bc0e8318655030b318d4ab8cc3346

Headers

File Characteristics

Imports

videoprt.sys

ntoskrnl.exe

hal

Sections

.text Size: 216KB - Virtual size: 216KB

.data Size: 145KB - Virtual size: 145KB

PAGE Size: 7KB - Virtual size: 7KB

PAGE Size: 10KB - Virtual size: 10KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 216KB - Virtual size: 216KB

.data
Size: 145KB - Virtual size: 145KB

PAGE
Size: 7KB - Virtual size: 7KB

PAGE
Size: 10KB - Virtual size: 10KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB