6e178fd37ec26ff4f931d0674bdf2680

General

Target

6e178fd37ec26ff4f931d0674bdf2680
Size

22KB
MD5

6e178fd37ec26ff4f931d0674bdf2680
SHA1

99ea99236db08c53c6a01fb0aaa775473f111122
SHA256

e5b1658e8b144d1b557892044fa58a79d5dbbb33ba7013b2ca0a784beb2fc649
SHA512

c3ab9946660c7f187490c94ebc44b2e40919b64e218dbc3886e0e9c2a5e452977fbf848bd691024f6f67c712d93ae5123ae35ce29af2dfd926338b7cbe63a51c
SSDEEP

384:I/JPRwLFlg5IfDaKNg6QxLbSkfVYDy6GVAijxRVIIFE61Ze9E0WekP:I/sng5MBmZhSylVvjxRDFE6bIEnekP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e178fd37ec26ff4f931d0674bdf2680

Files

6e178fd37ec26ff4f931d0674bdf2680
.sys windows:4 windows x86 arch:x86

5002bbb6335d4c9c00cf2d7ff81cce7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsicmp
ExInterlockedAddLargeInteger
FsRtlUninitializeLargeMcb
CcSetLogHandleForFile
ExAllocatePool
RtlDeleteRange
ExInterlockedInsertTailList
RtlLookupElementGenericTableFull
KeQuerySystemTime
ZwQueryDirectoryFile
IoAttachDeviceToDeviceStack
mbtowc
wcsncmp
PsGetVersion
ZwQueryInformationProcess
KeIsExecutingDpc
CcPrepareMdlWrite
KefReleaseSpinLockFromDpcLevel
ZwQueryDefaultLocale
KeAcquireSpinLockAtDpcLevel
ExFreePool
MmUnmapViewOfSection
FsRtlCopyWrite
KeReleaseMutex
ExInitializePagedLookasideList
ZwDeleteKey
NtSetQuotaInformationFile
ZwDeleteValueKey

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.bac
Size: 512B - Virtual size: 260B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cab
Size: 512B - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5002bbb6335d4c9c00cf2d7ff81cce7e

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

ILIT Size: 1024B - Virtual size: 614B

.bac Size: 512B - Virtual size: 260B

.cab Size: 512B - Virtual size: 52B

.data Size: 512B - Virtual size: 336B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

ILIT
Size: 1024B - Virtual size: 614B

.bac
Size: 512B - Virtual size: 260B

.cab
Size: 512B - Virtual size: 52B

.data
Size: 512B - Virtual size: 336B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 32B