722b52657b3fbbf00805540ef2165372

General

Target

722b52657b3fbbf00805540ef2165372
Size

39KB
MD5

722b52657b3fbbf00805540ef2165372
SHA1

186be416baee668ee49627ef89ff7059ce3c314c
SHA256

dd2e3a4880a222be0e044f635f903d7e8a05bf2d49cd20bb9ce813be10145cfa
SHA512

ce89a888154b5f683611c8f1bcf7dd314c5a603666b48b8d9ff7c16652a3b0efc7750ff4f394dfa876272f8cf2bead9bd247d26812f3f3891ff5c64a7e1a55ef
SSDEEP

768:cMICrYXc1XtzV/AlrB9pcek8mR82JkmvNTQSliWucvaPl3m:cMWXIXZV/0Lrz2KmlTPQWVvaPt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
722b52657b3fbbf00805540ef2165372

Files

722b52657b3fbbf00805540ef2165372
.sys windows:4 windows x86 arch:x86

63a40c8fc1aa9a002963a0c4afe8b738

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsstr
_wcslwr
KeTickCount
KeQueryTimeIncrement
_stricmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
strncpy
IoGetCurrentProcess
wcsncpy
MmIsAddressValid
PsGetVersion
ZwQueryValueKey
RtlInitUnicodeString
ZwSetValueKey
ObReferenceObjectByHandle
ZwClose
PsCreateSystemThread
wcslen
ZwCreateKey
_wcsnicmp
strncmp
ZwSetInformationFile
ZwCreateFile
wcscpy
swprintf
ObfDereferenceObject
RtlCopyUnicodeString
ZwDeleteKey
IofCompleteRequest
ZwOpenKey
wcscat
_except_handler3
_wcsicmp
wcsrchr
IoRegisterDriverReinitialization
PsLookupProcessByProcessId
_snwprintf
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeQuerySystemTime
RtlCompareUnicodeString
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
wcschr
KeDelayExecutionThread
IoDeviceObjectType
PsSetCreateProcessNotifyRoutine

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63a40c8fc1aa9a002963a0c4afe8b738

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 48B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 48B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB