526d71c07ef92c480eb83f65b53d2ed9

General

Target

526d71c07ef92c480eb83f65b53d2ed9
Size

40KB
MD5

526d71c07ef92c480eb83f65b53d2ed9
SHA1

a56628dcec0060bc059c5679bfeabe1fe36239f6
SHA256

e276fc8a9943de1eb583fa286974a599b78418e1c6da41ee82b73f34cf800643
SHA512

d97fb7cb5b3ede2ce1b34effeba2adb970c2cc67ce8d2d94e3ee0193483faf55f94b6ad95554e5003f5879e1a2af713b96bd1e6ab0c4f2f94696cac0517a6238
SSDEEP

768:C0yw2ECG4rUO4NxhyOFmaxrrU6O7q9m0b6qpNFkR+HyarY+TIDf6qfV/YYCNpg4c:CdzoNx0OHrrU122A8+nrY+TIrPdgYCDu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
526d71c07ef92c480eb83f65b53d2ed9

Files

526d71c07ef92c480eb83f65b53d2ed9
.sys windows:4 windows x86 arch:x86

b965ea8a4566f050741089be2749f596

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwDeleteKey
swprintf
strncmp
IoGetCurrentProcess
ObReferenceObjectByHandle
strncpy
RtlCompareUnicodeString
RtlInitUnicodeString
ZwOpenKey
ZwSetValueKey
ZwQueryValueKey
_except_handler3
wcslen
wcscat
wcscpy
PsLookupProcessByProcessId
_stricmp
_snwprintf
wcsncpy
wcschr
MmIsAddressValid
ZwSetInformationFile
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
IoDeviceObjectType
wcsstr
_wcslwr
PsGetVersion
ZwCreateKey
_wcsicmp
wcsrchr
IofCompleteRequest
_wcsnicmp
KeTickCount
KeQueryTimeIncrement
KeQuerySystemTime
KeDelayExecutionThread
PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
_snprintf
PsCreateSystemThread
RtlCopyUnicodeString
IoRegisterDriverReinitialization

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b965ea8a4566f050741089be2749f596

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 80B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 80B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB