20b011afd847fdae79f600ed537abebf

General

Target

20b011afd847fdae79f600ed537abebf
Size

30KB
MD5

20b011afd847fdae79f600ed537abebf
SHA1

f4761e2afc8f107b27e4dd20892d797c9117eba4
SHA256

256c1b24a7211529ab92c56e9602af81880b5f0dff105d4c7425e8a230387d24
SHA512

03c0880ee13c23025612d50124b4ff83a80706b7099b0f886a712b94a4398bffe7f4045d775cd2fd45a7fdc9ce9de95412055cf4904a249d8bc1870d3451e4ad
SSDEEP

384:SSLcG5T3JR7Rv3Wp3P/P6wf9AqhPnuXY0aH8eQUxc:BYOT3JRdv3G//P793FnuXY0aHxQU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20b011afd847fdae79f600ed537abebf

Files

20b011afd847fdae79f600ed537abebf
.sys windows:6 windows x86 arch:x86

601665784f4dff2dbee1739ae09ceb14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_aullshr
_aullrem
RtlAppendUnicodeStringToString
wcslen
memset
ObfDereferenceObject
strcmp
PsLookupProcessByProcessId
PsTerminateSystemThread
KeDelayExecutionThread
ZwClose
PsCreateSystemThread
wcsncpy
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
memcpy
ExAllocatePoolWithTag
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem
ZwSetValueKey
ZwCreateKey
ZwQuerySystemInformation
PsLookupThreadByThreadId
wcscmp
KeUnstackDetachProcess
KeStackAttachProcess
ZwAllocateVirtualMemory
ZwOpenProcess
KeInsertQueueApc
KeInitializeApc
NtBuildNumber

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 818B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

601665784f4dff2dbee1739ae09ceb14

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 384B - Virtual size: 371B

.data Size: 10KB - Virtual size: 10KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 818B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 384B - Virtual size: 371B

.data
Size: 10KB - Virtual size: 10KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 818B