368816b2eb1bec1e27a4a11a10c49707

General

Target

368816b2eb1bec1e27a4a11a10c49707
Size

264KB
MD5

368816b2eb1bec1e27a4a11a10c49707
SHA1

f0b653b861d66da35fec74964c97e01ebcbed6a9
SHA256

7d1800e1ae18e1b32a70fefaf657d20efbd82f6895d8c2ffe43a8d1c0e43bb63
SHA512

22a3760dc605f255462c076ae7d4f54ba708b6a9fb27c46a1929cfb116393b32697513bb143d8ba8554d28f07a4e43af6fc4da01924d928c55a1db9bc3831a2b
SSDEEP

6144:LWwmJiAfKLT9d07Zuh64TBQPV0a1KiUJNk/Nj1Z/:LOJS64TB8wJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
368816b2eb1bec1e27a4a11a10c49707

Files

368816b2eb1bec1e27a4a11a10c49707
.dll windows:5 windows x86 arch:x86

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoCheckQuotaBufferValidity
KeSetSystemAffinityThread
KeLeaveCriticalRegion
KeReadStateMutex
IoReleaseCancelSpinLock
IoFreeMdl
MmIsAddressValid
RtlDelete
CcSetDirtyPinnedData
KeEnterCriticalRegion
ZwWriteFile
ExDeleteNPagedLookasideList
ExSetResourceOwnerPointer
IoConnectInterrupt
ObReferenceObjectByHandle
IoReleaseRemoveLockAndWaitEx
RtlDeleteElementGenericTable
MmCanFileBeTruncated
IoWMIRegistrationControl
RtlCreateSecurityDescriptor
CcSetBcbOwnerPointer
CcPurgeCacheSection
KeInsertHeadQueue
SeQueryInformationToken
IoGetStackLimits
MmSecureVirtualMemory
RtlValidSid
ExRaiseDatatypeMisalignment
MmFreeContiguousMemory
IoFreeErrorLogEntry
RtlUnicodeToOemN
FsRtlCheckLockForReadAccess
IoAllocateWorkItem
MmUnsecureVirtualMemory
ZwOpenSymbolicLinkObject
KeRemoveDeviceQueue
KeSetTargetProcessorDpc
SeAccessCheck
FsRtlMdlWriteCompleteDev
RtlGetNextRange
ZwSetVolumeInformationFile
RtlVolumeDeviceToDosName
KeGetCurrentThread
MmAddVerifierThunks
KeTickCount
RtlFindClearRuns

Exports

Exports

?ValidateStringOriginal@@YGDKPAKPAM<V
?CrtProviderOriginal@@YGPAXKPAFGK<V
?IsNotMutantExW@@YGGN<V
?AddDataOld@@YGXD<V
?AddAppNameOriginal@@YGXPADIEJ<V
?DeleteFolderA@@YGJPANPAK<V

Sections

.text
Size: 31KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 60KB

.data Size: 16KB - Virtual size: 16KB

.text
Size: 31KB - Virtual size: 60KB

.data
Size: 16KB - Virtual size: 16KB