062e1f2c19317aa367eb027c152cee1a

General

Target

062e1f2c19317aa367eb027c152cee1a
Size

34KB
MD5

062e1f2c19317aa367eb027c152cee1a
SHA1

bb6b431d5f896607ccd6eafd88da75b824720496
SHA256

0fc5dfcbdb0fe3fc079ff3f227bbb8761737ae0cfd54f11bbca7ecd8838ce340
SHA512

6309238967e87b2c0c023d4747241e015b552c300a627488af68a7194ad66909d7e7eb92ed7fc169f40fe9f8da626596cbba439ce56d53da17c457804c25e70c
SSDEEP

768:tKNPeMTCD6YWy0pgwLNfcUSyN86TumPhvksmyZsiit5nE+2d7Fp8CTJHVeetzQ48:tKASwdWyGLhcUV88umPSEZdLzCax1Pgf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
062e1f2c19317aa367eb027c152cee1a

Files

062e1f2c19317aa367eb027c152cee1a
.sys windows:4 windows x86 arch:x86

80752b629071279bed6d54be284a9a2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
isxdigit
isspace
srand
atol
strchr
toupper
strstr
PsGetVersion
tolower
isdigit
atoi
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
IofCompleteRequest
_strnicmp
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcsncmp
wcslen
towlower
strncmp
strncpy
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
isprint
wcscpy
ZwEnumerateKey
wcscat
KeDelayExecutionThread
ZwDeleteValueKey

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80752b629071279bed6d54be284a9a2a

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B