70bfdf7078b24471d65e4891e3ddb248

Sharing

Copy URL Twitter E-mail

General

Target

70bfdf7078b24471d65e4891e3ddb248
Size

33KB
MD5

70bfdf7078b24471d65e4891e3ddb248
SHA1

d292ec4efa3fe15827bb708e834f69727bb17b1f
SHA256

eb0f9e7dcd46d3dc24e0ad08ce4b81108d96589d1bf1b460263c6b71252288fd
SHA512

539b6792ff7e4b2fe2024fcc2e2f3c6e245ae411be71d19c29d61f8d3dd013f34b5caebf022702bff116202d6514a3e6f0c96674de4c5753efa865c6ed18bd0b
SSDEEP

768:BF8ekNgfivPiAu0v/Wkm+w7Iw23RXAwotvpW:BCNafm+ew7puAwqBW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70bfdf7078b24471d65e4891e3ddb248

Files

70bfdf7078b24471d65e4891e3ddb248
.sys windows:5 windows x86 arch:x86

af07128316b51e9b30bc348d1fd2f3cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfRaiseIrql

ntoskrnl.exe

KeInitializeMutex
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
ZwClose
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
RtlInitUnicodeString
KeReleaseMutex
KeWaitForSingleObject
memcpy
memset
MmIsAddressValid
IofCompleteRequest
ZwQuerySystemInformation
ZwAllocateVirtualMemory
toupper
strcmp
PsLookupProcessByProcessId
_wcsicmp
ZwQueryInformationProcess
RtlCompareUnicodeString
ZwFreeVirtualMemory
ZwQueryInformationThread
ZwWaitForSingleObject
KeUnstackDetachProcess
KeStackAttachProcess
ObOpenObjectByPointer
PsProcessType
_snprintf
ZwCreateFile
wcsstr
wcsncmp
wcslen
wcsncpy
wcsncat
wcscpy
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoGetDeviceObjectPointer
ExQueueWorkItem
_allmul
ZwOpenFile
ZwDeleteFile
ZwQueryDirectoryFile
ZwDeviceIoControlFile
ExFreePool
ExAllocatePool
KeDelayExecutionThread
DbgPrint
ObQueryNameString
CmRegisterCallback
ExInitializeResourceLite
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
RtlCopyUnicodeString
ExAcquireResourceSharedLite
ZwEnumerateValueKey
ZwCreateKey

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af07128316b51e9b30bc348d1fd2f3cb

Headers

DLL Characteristics

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 320B - Virtual size: 294B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 320B - Virtual size: 294B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB