09348babe24297c2911724ad90fc773b

Sharing

Copy URL

Twitter E-mail

General

Target

09348babe24297c2911724ad90fc773b
Size

98KB
MD5

09348babe24297c2911724ad90fc773b
SHA1

004f941eb05890e960337074f79b83e6a7577c08
SHA256

983cafde2ad68f9b0b670d39201b4dc2759be833c3b3f576976a0e2bb4d2058d
SHA512

93ce09998b0359696c65b1be7f7046c4375d6bd909c8ccc4b7e680966eee09d4559eb01e771c41a5b7aa1dd82b2afee929dcde0719678b53cafe79a2861bf2f3
SSDEEP

3072:6DvBlJer6sROfAd63Z3d+TylpqlqE/6D0qBSFq5nkfdOAXFB5v3/4s:yvBiNdOAXD5v3/4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09348babe24297c2911724ad90fc773b

Files

09348babe24297c2911724ad90fc773b
.sys windows:5 windows x86 arch:x86

2671d7ebc2ba0f87b2b430a8b1e3cd4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
strncpy
strchr
ZwReadFile
ZwQueryInformationFile
NtCreateFile
RtlInitUnicodeString
swprintf
_wcsicmp
wcslen
KeWaitForSingleObject
KeSetTimerEx
KeInitializeTimerEx
PsSetLoadImageNotifyRoutine
PsCreateSystemThread
IofCallDriver
IofCompleteRequest
_strnicmp
IoGetRequestorProcess
ZwQueryInformationProcess
PsGetVersion
PsGetCurrentProcessId
_except_handler3
wcsrchr
wcschr
_wcsnicmp
ZwQueryObject
KeSetPriorityThread
KeGetCurrentThread
NtSetInformationFile
NtDeleteFile
NtOpenProcess
ZwClose
NtQuerySystemInformation
NtOpenFile
strncmp
IoGetCurrentProcess
IoAttachDeviceToDeviceStack
IoCreateDevice
IoGetDeviceObjectPointer
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
ExReleaseFastMutexUnsafe
IoCreateSymbolicLink
ExAcquireFastMutexUnsafe
IoDeleteSymbolicLink
KeInitializeEvent
ZwSetInformationFile
ZwWriteFile
RtlCompareUnicodeString
ObQueryNameString
ObReferenceObjectByHandle
ZwOpenKey
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwCreateFile
wcscpy
ZwQueryValueKey
ProbeForRead
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
ZwQuerySystemInformation
NtQueryDirectoryFile
ExFreePoolWithTag

hal

KfLowerIrql
KfAcquireSpinLock
KfRaiseIrql

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2671d7ebc2ba0f87b2b430a8b1e3cd4c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 9KB - Virtual size: 9KB

PAGE Size: 12KB - Virtual size: 12KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 9KB - Virtual size: 9KB

PAGE
Size: 12KB - Virtual size: 12KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB