006a40b96d1fca2be705d81f49c9ee08

Sharing

Copy URL Twitter E-mail

General

Target

006a40b96d1fca2be705d81f49c9ee08
Size

28KB
MD5

006a40b96d1fca2be705d81f49c9ee08
SHA1

3ce1f8e1fbfbbc811c830a6b6e24969d54f1bba5
SHA256

715a2f9a8ffa6367ee83f9227e2f0723fe341bf10a7a841c58986a9b11feecf1
SHA512

2c5afd1383220b52b1bbb356ccf3e31164194aa5b0f731c17ff5185903d6c6110fb7dcab49022708db308b90cfd4c47ed2ebd28027e8fe33f83a14a4ed2ae9d9
SSDEEP

384:YjfnodxlKYXQNb928jIjxVzXtL1Cq+XrgnhHhVkxUw5e1v9tvUEp5Mz5TP0:5VO88jAVB4mhVkzK9t3SRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
006a40b96d1fca2be705d81f49c9ee08

Files

006a40b96d1fca2be705d81f49c9ee08
.dll windows:4 windows x86 arch:x86

4b4a1e65118da05e3d1dc61203820b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePoolWithTag
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
_except_handler3
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoRegisterFsRegistrationChange
_wcslwr
memcpy
memset
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoGetDeviceObjectPointer
strchr
_strnicmp
_stricmp
_snprintf
wcscpy
MmIsAddressValid
PsGetCurrentProcessId
PsGetCurrentThreadId
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExReleaseResourceLite
_snwprintf
ZwQueryInformationFile
ZwQueryValueKey
ZwOpenKey
ZwDeleteValueKey
strncmp
strlen
IoGetCurrentProcess
IoDetachDevice
MmGetSystemRoutineAddress
ExDeleteNPagedLookasideList
InterlockedPushEntrySList
ExGetPreviousMode
wcsncpy
IoAttachDeviceToDeviceStack
ExQueueWorkItem
KeSetEvent
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
ObQueryNameString
ObfReferenceObject
KeDelayExecutionThread
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlFreeUnicodeString
ZwReadFile
strncpy
strrchr
ZwEnumerateValueKey
ZwSetValueKey
ZwEnumerateKey
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcslen
RtlAnsiStringToUnicodeString
RtlAppendStringToString
RtlCompareString
_strlwr
RtlAppendUnicodeStringToString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoFreeIrp
wcscat
KeGetCurrentThread
IoAllocateIrp
memmove
ZwTerminateProcess
KeServiceDescriptorTable
ZwDeleteKey
RtlInitUnicodeString
IoDeleteSymbolicLink
InterlockedPopEntrySList
IoDeleteDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b4a1e65118da05e3d1dc61203820b5c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB