783787040125ffbc2a8b8a6ef60c4e1c

Sharing

Copy URL Twitter E-mail

General

Target

783787040125ffbc2a8b8a6ef60c4e1c
Size

84KB
MD5

783787040125ffbc2a8b8a6ef60c4e1c
SHA1

5318b16c46c915f4f0b6e67ed06cbb06f0642051
SHA256

bdc358f8fae5df653515be89adb67fa13e0de8fb3c20da3beebcfb60503fbfb6
SHA512

1909eca726156e0d164627aa3e0bcc278a88464af8369979bc57fc77fbea098b9033a233598a445876d0c38b3c584af503d69909cfd036ea6d0e147cb47a6af1
SSDEEP

1536:9WoDN+cQxH24y3TG6IEEPJ04RRpJM68BoDcQouCp3D8tsME0qS0SgHsCw:9WQNotyDAk0TkBoDcQouCp3DMsqqS/ga

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
783787040125ffbc2a8b8a6ef60c4e1c

Files

783787040125ffbc2a8b8a6ef60c4e1c
.sys windows:5 windows x86 arch:x86

3a02f05751a9c014c955b603cb0ebb16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
swprintf
KeSetEvent
IoCreateSymbolicLink
IoGetConfigurationInformation
IoDeleteSymbolicLink
MmFreeMappingAddress
IoFreeErrorLogEntry
IoDisconnectInterrupt
MmUnmapIoSpace
ObReferenceObjectByPointer
IofCompleteRequest
IofCallDriver
RtlCompareUnicodeString
MmAllocateMappingAddress
IoAllocateErrorLogEntry
IoConnectInterrupt
IoDetachDevice
KeWaitForSingleObject
KeInitializeEvent
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoBuildDeviceIoControlRequest
IoQueueWorkItem
MmMapIoSpace
IoInvalidateDeviceRelations
IoReportDetectedDevice
IoReportResourceForDetection
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
PoRequestPowerIrp
KeInsertByKeyDeviceQueue
PoRegisterDeviceForIdleDetection
sprintf
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
IoInvalidateDeviceState
ZwClose
ObReferenceObjectByHandle
ZwCreateDirectoryObject
IoBuildSynchronousFsdRequest
PoStartNextPowerIrp
IoCreateDevice
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
RtlQueryRegistryValues
ZwOpenKey
RtlFreeUnicodeString
IoStartTimer
KeInitializeTimer
IoInitializeTimer
KeInitializeDpc
KeInitializeSpinLock
IoInitializeIrp
ZwCreateKey
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ZwSetValueKey
KeInsertQueueDpc
KefAcquireSpinLockAtDpcLevel
IoStartPacket
KefReleaseSpinLockFromDpcLevel
IoBuildAsynchronousFsdRequest
IoFreeMdl
MmUnlockPages
IoWriteErrorLogEntry
KeRemoveByKeyDeviceQueue
MmHighestUserAddress
MmMapLockedPagesWithReservedMapping
MmUnmapReservedMapping
KeSynchronizeExecution
IoStartNextPacket
KeBugCheckEx
KeRemoveDeviceQueue
KeSetTimer
KeCancelTimer
_allmul
PoSetPowerState
IoOpenDeviceRegistryKey
RtlWriteRegistryValue
_aulldiv
strstr
_strupr
KeQuerySystemTime
IoWMIRegistrationControl
_except_handler3
IoAttachDeviceToDeviceStack
IoDeleteDevice
ExAllocatePoolWithTag
IoAllocateWorkItem
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
MmLockPagableDataSection
IoGetDriverObjectExtension
MmUnlockPagableImageSection
ExFreePoolWithTag
IoFreeIrp
IoFreeWorkItem
InitSafeBootMode
RtlCompareMemory
PoCallDriver
memmove

hal

KfAcquireSpinLock
READ_PORT_UCHAR
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
HalGetInterruptVector
HalTranslateBusAddress
KeStallExecutionProcessor
KfReleaseSpinLock
READ_PORT_BUFFER_USHORT
READ_PORT_USHORT
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_UCHAR

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

NONPAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESCAN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a02f05751a9c014c955b603cb0ebb16

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 34KB - Virtual size: 34KB

NONPAGE Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

PAGESCAN Size: 4KB - Virtual size: 4KB

PAGE Size: 20KB - Virtual size: 20KB

INIT Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 34KB - Virtual size: 34KB

NONPAGE
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

PAGESCAN
Size: 4KB - Virtual size: 4KB

PAGE
Size: 20KB - Virtual size: 20KB

INIT
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 3KB - Virtual size: 3KB