365e36914d6493ebd4ab9c690bd4282d

General

Target

365e36914d6493ebd4ab9c690bd4282d
Size

8KB
MD5

365e36914d6493ebd4ab9c690bd4282d
SHA1

0af4bd7fb070ed59d5f5b17b643bf3b9b77801bf
SHA256

33f3cfba27a902b11ca8bc028eaca2fa7268bdd007a8aab17e07bd6aa395bdef
SHA512

f5cf7df215f677977b7d8a34b87706d1083c55240d1a4130d0e30f1b9a0499502aa46cd61ce30e33752c2779a29646d8e19ba0e2c6cb9417177d5835b9b19bea
SSDEEP

96:DyJYKzoKp5RMUI65YNpARk7P2Z+3FGApZPj8S4EpOIUa+5vbr2NJ/NN9BrJfoLDZ:9y5aUIc4P0yGQl8S4EYLxC5NfrJfkhU6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
365e36914d6493ebd4ab9c690bd4282d

Files

365e36914d6493ebd4ab9c690bd4282d
.sys windows:5 windows x86 arch:x86

e6336f9fde937aae8dcbfb1e25f9c6cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memmove
ObfDereferenceObject
ExFreeToPagedLookasideList
RtlFreeAnsiString
strncmp
strncat
RtlUnicodeStringToAnsiString
ObQueryNameString
ExFreePool
ExAllocateFromPagedLookasideList
ExAllocatePoolWithTag
_except_handler3
IoGetCurrentProcess
strncpy
wcscpy
wcsstr
_strupr
wcslen
_strnicmp
PsGetCurrentProcessId
ObReferenceObjectByHandle
ZwEnumerateKey
InterlockedExchange
KeServiceDescriptorTable
ZwOpenKey
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IofCompleteRequest
ExDeletePagedLookasideList
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoRegisterShutdownNotification
ExInitializePagedLookasideList
IoCreateSymbolicLink
IoCreateDevice
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 672B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6336f9fde937aae8dcbfb1e25f9c6cb

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 384B - Virtual size: 364B

.data Size: 672B - Virtual size: 668B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 556B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 364B

.data
Size: 672B - Virtual size: 668B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 556B