492dfd6fd2a2c7a24a437aab0226d975

Sharing

Copy URL Twitter E-mail

General

Target

492dfd6fd2a2c7a24a437aab0226d975
Size

139KB
MD5

492dfd6fd2a2c7a24a437aab0226d975
SHA1

f9d52192d580598e8ea8723d15e4a6d4a5eb08b5
SHA256

e6ac490792b9c9d7adaedb3db112554851f7b88aea4642a5c7094f84d18f539d
SHA512

ecdf350e9525c4ab5760aa21cfb60ba85d7bd45c0c0029e32de2ee65a93b663348ed235bf00e2b0900f7084f5968844a4f18bc8e69baa501113701282d679668
SSDEEP

3072:xiV7LAmL7++oa50Kg9DHvOduBU+66uuPoSumx16s/JOEUXNosk:xiBLA8+1amKgdHvKuBU+66uuPluC16sN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
492dfd6fd2a2c7a24a437aab0226d975

Files

492dfd6fd2a2c7a24a437aab0226d975
.dll windows:5 windows x86 arch:x86

c83e2635cd2a6c76bcbaea1b8b676ff6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeDelayExecutionThread
KeQueryTimeIncrement
InterlockedDecrement
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
KeBugCheckEx
ZwClose
ZwOpenKey
RtlInitUnicodeString
KeInitializeSpinLock
RtlFreeUnicodeString
IoCreateSymbolicLink
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoIsWdmVersionAvailable
ExFreePool
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoConnectInterrupt
IoGetDmaAdapter
IoGetDeviceProperty
IoCsqInitialize
KeInitializeDpc
IofCompleteRequest
PoStartNextPowerIrp
KeInsertQueueDpc
InterlockedIncrement
RtlCompareMemory
InterlockedCompareExchange
IoCsqRemoveNextIrp
KeCancelTimer
KeSetTimer
ExQueueWorkItem
KeInitializeTimer
KeReleaseSemaphore
ObReferenceObjectByHandle
PsTerminateSystemThread
KeResetEvent
IoAllocateIrp
KeGetCurrentThread
_alldiv
PsCreateSystemThread
IoReleaseCancelSpinLock
InterlockedExchange
ExfInterlockedInsertTailList
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeMdl
IoAcquireCancelSpinLock
MmMapLockedPages
ZwQueryValueKey
IoOpenDeviceRegistryKey
ZwSetValueKey
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
wcslen
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
ObfReferenceObject
IoAttachDeviceToDeviceStack
KeInitializeSemaphore
IoDetachDevice
PoCallDriver
IoCsqInsertIrp
PoRequestPowerIrp
IoCancelIrp
MmBuildMdlForNonPagedPool
IoAllocateMdl
DbgBreakPoint
ExfInterlockedInsertHeadList
ExfInterlockedRemoveHeadList
KeTickCount
KeInitializeEvent
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeQuerySystemTime
KeSetEvent
ExAllocatePoolWithQuotaTag
ProbeForRead
_except_handler3

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Exports

Exports

DllUnload
USBPORT_GetHciMn
USBPORT_RegisterUSBPortDriver

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c83e2635cd2a6c76bcbaea1b8b676ff6

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 768B - Virtual size: 708B

.data Size: 1024B - Virtual size: 1008B

PAGE Size: 10KB - Virtual size: 10KB

.edata Size: 256B - Virtual size: 139B

PAGECONS Size: 128B - Virtual size: 16B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 768B - Virtual size: 708B

.data
Size: 1024B - Virtual size: 1008B

PAGE
Size: 10KB - Virtual size: 10KB

.edata
Size: 256B - Virtual size: 139B

PAGECONS
Size: 128B - Virtual size: 16B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 5KB - Virtual size: 5KB