62c77e15592590e89c22404e9c482ff1

Sharing

Copy URL Twitter E-mail

General

Target

62c77e15592590e89c22404e9c482ff1
Size

103KB
MD5

62c77e15592590e89c22404e9c482ff1
SHA1

b420ec5717b3d7fd8ce09afe8f40086474cea093
SHA256

58a9e12327fefa9f3c0d23dbd91ff855c1982b14d076fc280f6ef07e955c99c9
SHA512

cc721dff4bd056fa2b65ac7bc1cdb5d2c3c52530c5f622f45ab45661a490bcf4903a3dfc211c88b8817f6f0c2c473c892c016fb6a9ca3f993cfa569e7598e13d
SSDEEP

3072:5e8exjDyCyqLHO1NxB525a7FQLnIz458zE2:M7R5LqHwSCnRr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62c77e15592590e89c22404e9c482ff1

Files

62c77e15592590e89c22404e9c482ff1
.sys windows:5 windows x86 arch:x86

f1179c87a690a77f886570011d95dd66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

ntoskrnl.exe

ZwClose
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeQuerySystemTime
RtlRemoveUnicodePrefix
IofCompleteRequest
IoRemoveShareAccess
ExRaiseStatus
_except_handler3
KeLeaveCriticalRegion
KeEnterCriticalRegion
SeQuerySessionIdToken
IoCheckShareAccess
memmove
KeWaitForSingleObject
IofCallDriver
RtlInsertUnicodePrefix
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoCreateFile
KeSetEvent
RtlCompareUnicodeString
ExAcquireResourceSharedLite
IoFreeIrp
KeInitializeEvent
RtlFindUnicodePrefix
_wcsnicmp
IoFreeMdl
MmUnlockPages
ExQueueWorkItem
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithQuotaTag
ProbeForRead
IoAllocateIrp
NtClose
NtOpenFile
_abnormal_termination
KeGetCurrentThread
RtlInitializeUnicodePrefix
KeInitializeSpinLock
ExInitializeResourceLite
ExDeleteResourceLite
IoDeleteDevice
ZwQueryValueKey
ZwOpenKey
IoWMIRegistrationControl
IoCreateDevice
RtlInitUnicodeString
RtlEqualUnicodeString
wcslen
RtlAppendUnicodeToString
wcschr
RtlCopyLuid
ZwCreateFile
RtlAppendUnicodeStringToString
KeResetEvent
IoGetCurrentProcess
IoIsOperationSynchronous
IoSetShareAccess
RtlPrefixUnicodeString
ObfDereferenceObject
ZwFsControlFile
RtlCopyUnicodeString
ObReferenceObjectByPointer
ExConvertExclusiveToSharedLite
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
SeTokenType
PsRestoreImpersonation
PsDisableImpersonation
SeImpersonateClientEx
PsAssignImpersonationToken
KeReleaseSemaphore
SeCreateClientSecurity
RtlGetCallersAddress
FsRtlIsNtstatusExpected
IoUnregisterFileSystem
ExDeleteNPagedLookasideList
IoStopTimer
ZwQueryInformationProcess
IoStartTimer
IoInitializeTimer
IoRegisterShutdownNotification
IoRegisterFileSystem
ExInitializeNPagedLookasideList
MmQuerySystemSize
KeInitializeSemaphore
FsRtlRegisterFileSystemFilterCallbacks
ZwCreateDirectoryObject
FsRtlMdlReadDev
FsRtlMdlReadCompleteDev
FsRtlPrepareMdlWriteDev
FsRtlMdlWriteCompleteDev
IoSetTopLevelIrp
IoGetRequestorSessionId
ProbeForWrite
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlEqualString
ZwCreateSymbolicLinkObject
wcscpy
ZwMakeTemporaryObject
ZwOpenSymbolicLinkObject
RtlIntegerToUnicodeString
_snwprintf
ObMakeTemporaryObject
RtlCompareMemory
RtlRandom
KeUnstackDetachProcess
KeStackAttachProcess
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
RtlUpcaseUnicodeChar
ZwOpenFile
InterlockedPopEntrySList
InterlockedPushEntrySList
SeReleaseSubjectContext
SeQueryAuthenticationIdToken
SeCaptureSubjectContext
KeTickCount
ExFreePoolWithTag
ExAllocatePoolWithTag
DbgPrint
KeBugCheckEx
IoWMIWriteEvent

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1179c87a690a77f886570011d95dd66

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 69KB - Virtual size: 69KB

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 69KB - Virtual size: 69KB

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 5KB - Virtual size: 5KB