00cb353b9e71db4bd3c557a609f3cac2

General

Target

00cb353b9e71db4bd3c557a609f3cac2
Size

30KB
MD5

00cb353b9e71db4bd3c557a609f3cac2
SHA1

cbce088e7ea495f1695f0963c1efad1cdb91b477
SHA256

0e440156792bed87df3368729789e4347a9ef284088720e146d8adc5bf612cad
SHA512

727796532d86b37736b8b070e769ffbe667d927cc62b2da676436296101f9a14a2926e10783bc7d9c5690f7872c050c199af22641a5db6b95d54ef939af5c73c
SSDEEP

768:3dwgXqUfFXkzxIv1Me91sqA+LvZ3aTNv7tQ828H/cCmdQJrY0yNz7rgAIas:NwgXquFXkzxIv1Me91XA+LvxgvZQ8Zcb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00cb353b9e71db4bd3c557a609f3cac2

Files

00cb353b9e71db4bd3c557a609f3cac2
.sys windows:5 windows x86 arch:x86

d0d329cdc2bb15d0f14194fc27038536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwDeleteValueKey
KeDelayExecutionThread
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwCreateFile
IoRegisterDriverReinitialization
wcsncmp
towlower
wcsstr
IofCompleteRequest
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0d329cdc2bb15d0f14194fc27038536

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 256B - Virtual size: 220B

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 768B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 256B - Virtual size: 220B

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 768B