0210e2e9f2d871a466c2e81120d49497

General

Target

0210e2e9f2d871a466c2e81120d49497
Size

17KB
MD5

0210e2e9f2d871a466c2e81120d49497
SHA1

5692839536e71380c60c593ce73a5aeb519abd88
SHA256

ba4bda5b9d13aa7297e08ff6e2f4f8c5389b32090fe8631cb18229d25017c8cf
SHA512

5aea468a5cffba83a67d7c2b1b1abe92c19e46ffe23ce44a2333de8398042d0d7c0a7c6b87c30b1007d1161c97ad6508b38d0603fdf076432d79c5db881b7a79
SSDEEP

192:ynAdX3leuCfrKy1zpL8Dr5J73309q7SNnHJiQ7sX9eftqY46OzDOwNXhmLHdY0dq:nF3MuCfblQDk07fV9iq9zdhmLHddGt3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0210e2e9f2d871a466c2e81120d49497

Files

0210e2e9f2d871a466c2e81120d49497
.sys windows:5 windows x86 arch:x86

359471798131b373a844aba6a4e66e47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
PsLookupProcessByProcessId
PsInitialSystemProcess
DbgPrint
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExFreePoolWithTag
RtlFreeUnicodeString
RtlCompareUnicodeString
ObQueryNameString
RtlAnsiStringToUnicodeString
ZwClose
ObReferenceObjectByHandle
ObOpenObjectByName
RtlInitAnsiString
ExAllocatePoolWithTag
strncpy
ExGetPreviousMode
MmUserProbeAddress
_except_handler3
ObOpenObjectByPointer
PsLookupThreadByThreadId
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeServiceDescriptorTable
KeAddSystemServiceTable
PsSetCreateProcessNotifyRoutine
KeInitializeDpc
KeNumberProcessors
PsGetCurrentProcessId
ZwQueryInformationProcess
ZwOpenThread
ZwOpenProcess
ZwQuerySystemInformation
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
IoGetCurrentProcess
strncmp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 331B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

359471798131b373a844aba6a4e66e47

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 384B - Virtual size: 331B

.data Size: 256B - Virtual size: 244B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 384B - Virtual size: 331B

.data
Size: 256B - Virtual size: 244B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB