03825f74c1ee15cd10dd8b92d99899f4

General

Target

03825f74c1ee15cd10dd8b92d99899f4
Size

17.0MB
MD5

03825f74c1ee15cd10dd8b92d99899f4
SHA1

161b0e568e29fea404c4ecebb1ad3c153921765d
SHA256

e1696274c42bdc629c47e1954d50b522b5510b1361537b125e193e726dbb6133
SHA512

0f1fe91787727cbf4eb449094b487ad0b1b52259d4cedad2cd4441375daff472dbea5533465da7dafdd7de93298aeeac04711698f81e434e089803a398a8faa1
SSDEEP

98304:ttIYSRhiuLG/6g4fiUKRv/6g4fiUKRW/6g4fiUKR8YxtMZgZjLzNV1:ttvST263iUIn63iUIk63iUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03825f74c1ee15cd10dd8b92d99899f4

Files

03825f74c1ee15cd10dd8b92d99899f4
.sys windows:5 windows x86 arch:x86

553db1c071616757679fb78a9e50cc52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
memcpy
ExAllocatePoolWithTag
ExFreePoolWithTag
_stricmp
memset
strcmp
strcat
strncat
strlen
strncpy
strcpy
strncmp
strrchr
wcsncpy
wcscpy
wcsrchr
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcslen
ZwClose
ZwQueryInformationFile
ZwOpenFile
RtlAppendUnicodeStringToString
RtlInitUnicodeString
ZwSetInformationFile
strstr
_strupr
wcsncmp
tolower
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
IofCompleteRequest
_strlwr
ZwQueryValueKey
RtlFreeUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetDeviceObjectPointer
KeReadStateEvent
MmIsAddressValid
_allmul

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

553db1c071616757679fb78a9e50cc52

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7.4MB - Virtual size: 7.4MB

.rdata Size: 9.2MB - Virtual size: 9.2MB

.data Size: 512B - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 476KB - Virtual size: 476KB

.text
Size: 7.4MB - Virtual size: 7.4MB

.rdata
Size: 9.2MB - Virtual size: 9.2MB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 476KB - Virtual size: 476KB