1e8caf3a698e8f3abb32006368c4c32d

General

Target

1e8caf3a698e8f3abb32006368c4c32d
Size

12KB
MD5

1e8caf3a698e8f3abb32006368c4c32d
SHA1

0a92c5dca84f639e5999cd436a7c8b162923cc9f
SHA256

6934eb0a302fb20e1365fe658b701ad70c3fa8706238d0c417d600a14d7c16d2
SHA512

2a27a25388dd6f27dfcfda67e0020b709b96390105286c92c00fac9e9d862f1246f0516a80feb8f88d892142dace32d526e31f842ee29a17543064e515a68b3c
SSDEEP

192:pEqbj86lvXYGA6GA0gQpMMmM0xNebmKgr+AD+3A:maj86u3611xM0CRFAKw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e8caf3a698e8f3abb32006368c4c32d

Files

1e8caf3a698e8f3abb32006368c4c32d
.sys windows:5 windows x86 arch:x86

02ae43faba2d5f44600bcd07c525816d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
RtlInitUnicodeString
ZwCreateFile
RtlFreeAnsiString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
_strlwr
RtlUnicodeStringToAnsiString
wcsrchr
_wcslwr
_vsnprintf
wcslen
PsTerminateSystemThread
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
KeDelayExecutionThread
ZwQueryValueKey
ZwCreateKey
ZwClose
wcscmp
ZwEnumerateKey
ExAllocatePoolWithTag
ZwDeleteFile
ZwSetInformationFile
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
ZwReadFile
strncmp
IoGetCurrentProcess
_except_handler3
ZwDeleteValueKey
_stricmp
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
RtlCompareMemory
ExFreePoolWithTag
_vsnwprintf

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02ae43faba2d5f44600bcd07c525816d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 784B

.reloc Size: 768B - Virtual size: 690B

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 784B

.reloc
Size: 768B - Virtual size: 690B