1d44da6c7612f9b5980d9732aeb0b13e

General

Target

1d44da6c7612f9b5980d9732aeb0b13e
Size

18KB
MD5

1d44da6c7612f9b5980d9732aeb0b13e
SHA1

f9c4d62abb765b7573b85af857c4a5492707989d
SHA256

52ae7575b2e638e7422d49a84b03e9a72179628bbb8fd6687a3d392c1cd4b62c
SHA512

bc42f28cd6a824713b3dd7796ccb656780929dd10b760bdd21ffba83c85a7a6f1f5a6b63e479c8108c2886d1c35aadce8772bef373ed17c5a029c5bfb40978d2
SSDEEP

384:C0rQnOyZpSR0lyhA97V3GUWNJKL2yTdpO71LZkyviZRhLq:C0cnOSSRgyq9B3GjNYfO71LvvehL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d44da6c7612f9b5980d9732aeb0b13e

Files

1d44da6c7612f9b5980d9732aeb0b13e
.sys windows:4 windows x86 arch:x86

395816c830f590f1e6f8662b7e0045ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
isprint
wcsncmp
wcslen
towlower
isspace
isxdigit
strstr
islower
tolower
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
IofCompleteRequest
strrchr
IoGetCurrentProcess
srand
ZwCreateFile
IoRegisterDriverReinitialization
strncmp
PsGetVersion
strncpy
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
atoi
isupper
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
strchr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsstr

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

395816c830f590f1e6f8662b7e0045ae

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB