671cb9a2cd605972ef6af16b72adc5ea

Sharing

Copy URL Twitter E-mail

General

Target

671cb9a2cd605972ef6af16b72adc5ea
Size

22KB
MD5

671cb9a2cd605972ef6af16b72adc5ea
SHA1

6ad9a80871b50a9da1232b5b5fe4d7bcd03fd848
SHA256

59fa9a955e7cb8975365c78ebda77a2bfeddeeca9fa37d183dee2fb9ea7a02d1
SHA512

122aca2d3e7e0f3fb9ea235ebe8b29bf6dad904bd03a497cf40c79a2f8f9c80cb1808bc4935f489844382f1d25366491fd01bad0a45c227c888bf7e632018340
SSDEEP

384:HXdmevD5vWP2GW9LAB7YBLXj4skjU6nQAoXyJb4GBXktHVwVzzWLIobWP2GW9:fU2YkLz4NU8TpJd+tVwVziLpa2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
671cb9a2cd605972ef6af16b72adc5ea

Files

671cb9a2cd605972ef6af16b72adc5ea
.sys windows:5 windows x86 arch:x86

80ceafa87487c2a1e5e0a913df0055d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
IofCompleteRequest
ExFreePool
KeInitializeEvent
ExAllocatePoolWithTag
KeTickCount

ks.sys

KsiDefaultClockAddMarkEvent
KsiPropertyDefaultClockGetFunctionTable
KsiPropertyDefaultClockGetState
KsiPropertyDefaultClockGetResolution
KsiPropertyDefaultClockGetCorrelatedPhysicalTime
KsiPropertyDefaultClockGetCorrelatedTime
KsiPropertyDefaultClockGetPhysicalTime
KsiPropertyDefaultClockGetTime
KsSetDevicePnpAndBaseObject
KsAllocateDeviceHeader
KsSetDefaultClockTime
KsSetDefaultClockState
KsDereferenceSoftwareBusObject
KsAllocateObjectHeader
KsAllocateDefaultClock
KsReferenceSoftwareBusObject
KsFreeObjectHeader
KsFreeDefaultClock
KsFreeEventList
KsPropertyHandler
KsEnableEvent
KsDisableEvent
KsNullDriverUnload
KsSetMajorFunctionHandler
KsDefaultForwardIrp
KsDefaultDispatchPower
KsDefaultDispatchPnp

Sections

.text
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvdg
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80ceafa87487c2a1e5e0a913df0055d1

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

ks.sys

Sections

.text Size: 128B - Virtual size: 96B

.data Size: 128B - Virtual size: 8B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.bvdg Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 256B - Virtual size: 240B

.text
Size: 128B - Virtual size: 96B

.data
Size: 128B - Virtual size: 8B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.bvdg
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 256B - Virtual size: 240B