68d90e1f5e7fc7ceb92bd38333ad8b76

General

Target

68d90e1f5e7fc7ceb92bd38333ad8b76
Size

18KB
MD5

68d90e1f5e7fc7ceb92bd38333ad8b76
SHA1

80b67af09357d8b6cdecb702d6a44d9033dc6d27
SHA256

49d19ef4ede80aed691a9bec938af30c26bfd4db4bc8f53c22c54e82ca2cbc1d
SHA512

2f1c7de13601191caf8af41923b47f9083ec1444d5da51c669257a70af5a936ebbb17747e75e47a401181b3a80f2e3eaaaf75f03bc38b586cdd6bbcf825f67a8
SSDEEP

384:z9v3EyuvymGtyShEwkwUqXLKnyYMepQH0PBGZui2eMwHbZ7wvVF4N09z3b71+7Qo:ZCGy+UV76f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68d90e1f5e7fc7ceb92bd38333ad8b76

Files

68d90e1f5e7fc7ceb92bd38333ad8b76
.sys windows:5 windows x86 arch:x86

45876e02e389f49e8bdd873e468a6de0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ProbeForRead
_except_handler3
_stricmp
IofCompleteRequest
PsGetCurrentProcessId
_strupr
IoGetCurrentProcess
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ProbeForWrite
ExAllocatePoolWithTag
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
PsTerminateSystemThread
MmIsAddressValid
ExFreePool
ExGetPreviousMode

hal

KfAcquireSpinLock
KeQueryPerformanceCounter

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zcata
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vcata
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45876e02e389f49e8bdd873e468a6de0

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 15KB - Virtual size: 15KB

zcata Size: 544B - Virtual size: 520B

vcata Size: 544B - Virtual size: 520B

INIT Size: 1024B - Virtual size: 1000B

.reloc Size: 384B - Virtual size: 378B

.text
Size: 15KB - Virtual size: 15KB

zcata
Size: 544B - Virtual size: 520B

vcata
Size: 544B - Virtual size: 520B

INIT
Size: 1024B - Virtual size: 1000B

.reloc
Size: 384B - Virtual size: 378B