5e6a5ef65eab5a2f43b1192cf98ba95b

General

Target

5e6a5ef65eab5a2f43b1192cf98ba95b
Size

40KB
MD5

5e6a5ef65eab5a2f43b1192cf98ba95b
SHA1

5928b2005061113aea497330fcfb169db5a63860
SHA256

e8a8a13756c6f4b2eb1ae22be271fb1c2b86434ec315006d3b269a97620f628a
SHA512

89476b793c913a5dc60f3c2697dacd7a3a6a18df9634ed799033f530498e94755ca9c7cc7695e66401ff86515ef1c2079f23617d16e84257b86c42d7d8a2fb25
SSDEEP

768:7tZ0Yb0B8GVUNOaR+vtx+kb0Mnvs8Zs9rQG3ihh8AE+wqImztaDifw/PTew3:5Z0u0aGVUgzvtxr0WvfZs90GyhKSwqIR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e6a5ef65eab5a2f43b1192cf98ba95b

Files

5e6a5ef65eab5a2f43b1192cf98ba95b
.sys windows:4 windows x86 arch:x86

5226467e45c799d3ab1e258dd2935ba0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
RtlInitUnicodeString
MmIsAddressValid
wcslen
wcscat
wcscpy
_wcsicmp
ZwOpenKey
_except_handler3
ZwSetValueKey
ZwCreateKey
wcsstr
_wcslwr
PsGetVersion
ZwDeleteKey
swprintf
_snwprintf
wcsncpy
wcschr
_wcsnicmp
wcsrchr
_stricmp
ZwCreateFile
KeQuerySystemTime
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
ObReferenceObjectByHandle
ZwSetInformationFile
RtlCopyUnicodeString
KeTickCount
KeQueryTimeIncrement
IoDeviceObjectType
IofCompleteRequest
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
strncmp
MmGetSystemRoutineAddress
PsCreateSystemThread
_snprintf
strncpy
RtlCompareUnicodeString
PsLookupProcessByProcessId
KeDelayExecutionThread
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5226467e45c799d3ab1e258dd2935ba0

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 66B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 66B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB