66b6d325225d83ef98f8bc1e99298e58

Sharing

Copy URL

Twitter E-mail

General

Target

66b6d325225d83ef98f8bc1e99298e58
Size

378KB
MD5

66b6d325225d83ef98f8bc1e99298e58
SHA1

ead57b91d6f66fb832e6f7c866e3548505114972
SHA256

6c5df68c511b2d48f3715fc1fa97716362a372a142c4fcd2153e372b988fa55a
SHA512

8bfa4b5e4c28033d854f80906daec24f9f71a282d3457c234c46eaa57f0347a2c8c8558927820d2ce9ea60ee2ef58c5acd44f1956f2827f4925c12f1788ab48d
SSDEEP

6144:kQGnasxIPsYk9kNIzk16ffkurOpbDIgFhXYWXMHJyUooBMpacpVnYrZVxWn60u3V:NGaeIPvQ2KJPcniWgdQsyDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66b6d325225d83ef98f8bc1e99298e58

Files

66b6d325225d83ef98f8bc1e99298e58
.dll windows:5 windows x86 arch:x86

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlTimeFieldsToTime
IoAllocateWorkItem
FsRtlCheckLockForWriteAccess
CcMdlReadComplete
ZwAllocateVirtualMemory
PsIsThreadTerminating
ExDeleteNPagedLookasideList
CcFastMdlReadWait
RtlInitUnicodeString
IoSetPartitionInformation
IoDetachDevice
ZwOpenFile
PsDereferencePrimaryToken
ObReferenceObjectByHandle
KeWaitForSingleObject
IoVerifyPartitionTable
KeInitializeQueue
MmMapUserAddressesToPage
MmAllocateMappingAddress
IoDeleteDevice
ZwWriteFile
PoCallDriver
IoCheckEaBufferValidity
IoWMIWriteEvent
IoDisconnectInterrupt
ExAcquireResourceSharedLite
IoGetDeviceToVerify
ZwUnloadDriver
IoSetShareAccess
RtlFillMemoryUlong
IoInitializeRemoveLockEx
PsReturnPoolQuota
RtlSplay
KeRemoveEntryDeviceQueue
IoCancelIrp
IoAcquireRemoveLockEx
RtlCreateUnicodeString
KeInsertByKeyDeviceQueue
ExNotifyCallback
IoConnectInterrupt
KeInsertQueueDpc
RtlVerifyVersionInfo
IoRaiseHardError
PsGetCurrentProcessId
ObReleaseObjectSecurity
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
RtlCheckRegistryKey
MmUnmapReservedMapping
KeClearEvent
ObCreateObject
RtlEqualSid
RtlxAnsiStringToUnicodeSize
RtlRandom
RtlUpcaseUnicodeString
PsGetProcessId
RtlxUnicodeStringToAnsiSize
RtlFindClearBitsAndSet
RtlCopySid
RtlFindLastBackwardRunClear
IoReleaseRemoveLockEx
KeBugCheckEx
ExCreateCallback
ObGetObjectSecurity
SeAssignSecurity
KeCancelTimer
IoAllocateController
PoRequestPowerIrp
IoQueryFileDosDeviceName
PsImpersonateClient
IoAllocateMdl
RtlInitializeUnicodePrefix
ZwOpenProcess
CcInitializeCacheMap
IoDeviceObjectType
RtlValidSid
RtlNtStatusToDosError
IoStopTimer
KeInitializeMutex
IoAcquireVpbSpinLock
RtlCharToInteger
IoSetStartIoAttributes
IoCreateFile
RtlInt64ToUnicodeString
RtlLengthSecurityDescriptor
FsRtlNotifyUninitializeSync
IoReleaseRemoveLockAndWaitEx
CcCanIWrite
IoIsOperationSynchronous
ZwClose
IoWritePartitionTableEx
IoFreeWorkItem
MmUnsecureVirtualMemory
RtlPrefixUnicodeString
MmAddVerifierThunks
ZwLoadDriver
KeDelayExecutionThread
FsRtlIsDbcsInExpression
IoInitializeTimer
SeReleaseSubjectContext
RtlSecondsSince1980ToTime
CcIsThereDirtyData
MmFreeNonCachedMemory
MmFreeContiguousMemory
ZwFreeVirtualMemory
KeSetEvent
MmFreeMappingAddress
MmSecureVirtualMemory
RtlUnicodeToOemN
RtlDowncaseUnicodeString
IoStartNextPacket
DbgBreakPoint
KeInitializeTimerEx
CcFastCopyRead
KeSetTargetProcessorDpc
IoIsSystemThread
KeInitializeEvent
RtlFreeUnicodeString
RtlUpcaseUnicodeChar
KeQueryInterruptTime
ZwOpenSymbolicLinkObject
RtlFindNextForwardRunClear
IoAllocateErrorLogEntry
PsLookupThreadByThreadId
SeLockSubjectContext
ExLocalTimeToSystemTime
RtlFindLongestRunClear
RtlIntegerToUnicodeString
PoUnregisterSystemState
RtlEqualUnicodeString
IoGetCurrentProcess
RtlUnicodeStringToOemString
IoEnumerateDeviceObjectList
IoWMIRegistrationControl
IoCreateNotificationEvent
ExReleaseFastMutexUnsafe
IoThreadToProcess
IoWriteErrorLogEntry
ZwMakeTemporaryObject
ZwQueryInformationFile
RtlClearBits
KeSetSystemAffinityThread
ZwPowerInformation
KeReadStateMutex
RtlValidSecurityDescriptor
RtlAppendStringToString
FsRtlDeregisterUncProvider
SeSetSecurityDescriptorInfo
CcDeferWrite
KeDetachProcess
IoCreateStreamFileObject
IoGetDriverObjectExtension
CcUnpinData
MmIsDriverVerifying
IoCreateDevice
IoUnregisterFileSystem
ExReleaseResourceLite
ZwQueryObject
PsChargeProcessPoolQuota
ZwCreateSection
IoFreeErrorLogEntry
ExVerifySuite
FsRtlFastUnlockSingle
MmSetAddressRangeModified
RtlInitAnsiString
RtlCreateRegistryKey
RtlFindUnicodePrefix
ObMakeTemporaryObject
FsRtlCheckOplock
KeWaitForMultipleObjects
ObfReferenceObject
KeReadStateEvent
RtlFindClearRuns
VerSetConditionMask
IoGetDeviceInterfaceAlias
ObReferenceObjectByPointer
KeBugCheck
CcPreparePinWrite
IoInvalidateDeviceState
IoGetAttachedDevice
CcPurgeCacheSection
ExGetExclusiveWaiterCount
ExSetTimerResolution
DbgPrompt
ZwEnumerateKey
IoGetAttachedDeviceReference
IoFreeMdl
ExAllocatePool
CcPinMappedData
RtlTimeToSecondsSince1970
MmUnmapIoSpace
MmFlushImageSection
RtlCompareMemory
IoSetDeviceInterfaceState
ProbeForRead
RtlVolumeDeviceToDosName
ZwCreateEvent
IoGetBootDiskInformation
KeGetCurrentThread
SeFreePrivileges
KeInitializeTimer
MmUnlockPages
PsGetThreadProcessId
IoGetDeviceInterfaces
SeAppendPrivileges
RtlAppendUnicodeToString
KeRemoveByKeyDeviceQueue
RtlAnsiStringToUnicodeString
SeTokenIsRestricted
SeQueryAuthenticationIdToken
IoSetSystemPartition
KeReleaseMutex
ZwSetValueKey
IoMakeAssociatedIrp
SeDeleteObjectAuditAlarm
FsRtlIsNameInExpression
KeSynchronizeExecution
CcRemapBcb
ExUnregisterCallback
SeImpersonateClientEx
MmQuerySystemSize
RtlFindLeastSignificantBit
PsReferencePrimaryToken
KeSetImportanceDpc
ExQueueWorkItem
RtlFindSetBits
PsTerminateSystemThread
KeRemoveDeviceQueue
IoQueryFileInformation
RtlDeleteNoSplay
KeSetKernelStackSwapEnable
IoIsWdmVersionAvailable
ExSetResourceOwnerPointer
CcUninitializeCacheMap
ExRegisterCallback
ZwDeviceIoControlFile
MmAllocatePagesForMdl
CcUnpinRepinnedBcb
ObInsertObject
RtlOemToUnicodeN
RtlAnsiCharToUnicodeChar
RtlHashUnicodeString
IoFreeIrp
ZwQueryValueKey
RtlUpcaseUnicodeToOemN
IoReuseIrp
KeQueryActiveProcessors
SeDeassignSecurity
RtlSetDaclSecurityDescriptor
ExDeleteResourceLite
IoStartTimer
RtlDeleteElementGenericTable
FsRtlAllocateFileLock
IoGetRelatedDeviceObject
MmBuildMdlForNonPagedPool

Exports

Exports

?InstallDeviceOld@@YGPAMPAI<V
?InstallComponentNew@@YGXGFPAE<V
?FreeComponent@@YGDPAJH<V
?HideArgumentExW@@YGJF<V
?InsertKeyNameOriginal@@YGMPADIM<V
?FindMemoryA@@YGKNIPA_NN<V

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 9KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 768B

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 768B