060b942ab03eb66fd9767a90baaf6782

General

Target

060b942ab03eb66fd9767a90baaf6782
Size

52KB
MD5

060b942ab03eb66fd9767a90baaf6782
SHA1

ad0a91c9642524c629aaedcef4d207017445a4c2
SHA256

2f4ee256a1b476b9c44a75ffc68ec6e022a73bc6f13285c00ea1f2a08bb3ddd6
SHA512

8eb043b8a5d189bef61245106bc09199ea62b28f3bd54b537e20fa01ca166c93e463d30237f5b2d52f797a99853c86e0fb3b1a5b05e522befb7784f8367159a3
SSDEEP

768:unWmczL/E8FO4ngyAIfdg0ftjoNKhzW+FEZcP+/h2TpnUQ9opIVDUkva/Allx+Xc:EWVzL8B4ndAydg0JoQhTF7VBzbG/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
060b942ab03eb66fd9767a90baaf6782

Files

060b942ab03eb66fd9767a90baaf6782
.sys windows:4 windows x86 arch:x86

e48b976f82373b2939862224b81a0097

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
wcsncmp
wcslen
towlower
_strnicmp
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwQueryValueKey
_except_handler3
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
wcsstr
IofCompleteRequest
PsCreateSystemThread
ZwSetValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
RtlCopyUnicodeString
ZwDeleteValueKey

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 224B - Virtual size: 209B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e48b976f82373b2939862224b81a0097

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 224B - Virtual size: 209B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 224B - Virtual size: 209B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB