0639eba7bd7ecd5b837af65fa4ad15be

General

Target

0639eba7bd7ecd5b837af65fa4ad15be
Size

40KB
MD5

0639eba7bd7ecd5b837af65fa4ad15be
SHA1

b73a78aa3d975a344701c9a45b3cfabb60358bfc
SHA256

e98af61971855b56247860b87d9fa8566ba3a690b99623b8a22de7b25494a2ce
SHA512

411694be665ec45435aaa97dbaeb57e8d351971cfabf918a1edaff98bc1db5e40118086873f64d52147acb44b97e94f2bea324fa4619c0deec14f496bfccadf1
SSDEEP

768:OJM8TYdjiR0FXBlc2QfewRitwmLs1jcbT0bMgjE8pxR+xW7a1HX7pepDs8DqEFgk:wMDdjC27c3feKitwmLQj+b+xkMadopDE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0639eba7bd7ecd5b837af65fa4ad15be

Files

0639eba7bd7ecd5b837af65fa4ad15be
.sys windows:4 windows x86 arch:x86

6e0acbf2c36abef27fbd395fa17a8f3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
strncmp
KeTickCount
KeQueryTimeIncrement
_stricmp
_wcsnicmp
wcslen
ObfDereferenceObject
ZwClose
ZwDeleteKey
swprintf
KeQuerySystemTime
PsSetCreateProcessNotifyRoutine
_snwprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
wcsncpy
wcschr
ObReferenceObjectByHandle
RtlCompareUnicodeString
ZwQueryValueKey
ZwOpenKey
PsCreateSystemThread
IofCompleteRequest
ZwCreateKey
wcsrchr
ZwSetValueKey
wcsstr
_wcslwr
_except_handler3
MmIsAddressValid
IoDeviceObjectType
ExFreePool
_snprintf
ZwSetInformationFile
ZwCreateFile
wcscpy
wcscat
RtlCopyUnicodeString
IoGetCurrentProcess
PsGetVersion
_wcsicmp
KeDelayExecutionThread
strncpy
PsLookupProcessByProcessId
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 55B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e0acbf2c36abef27fbd395fa17a8f3e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 55B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 55B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB