0a350e896d3cd19ce379fa0548453e80

Sharing

Copy URL Twitter E-mail

General

Target

0a350e896d3cd19ce379fa0548453e80
Size

65KB
MD5

0a350e896d3cd19ce379fa0548453e80
SHA1

4bb68946b91448d86e4632c5e1626d6ac5842a8e
SHA256

d213fa6ddadcafe444de89a7156aa82fbad839b40ab8722da0d3c56d7967c34f
SHA512

574672ccb6a931673a6fff1a063ff5b2f45f8f9d559ffd21974244db84b848c7cd845ee0841e639fdee9b035b53ea225a142c8fe3d6a7364a799d4ffc5c27976
SSDEEP

1536:t4OiEGmJtmskb96FNYroFEFUJ+uRmvw9u/:tqx8WF2+4mvw9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a350e896d3cd19ce379fa0548453e80

Files

0a350e896d3cd19ce379fa0548453e80
.dll windows:5 windows x86 arch:x86

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwAllocateVirtualMemory
PsTerminateSystemThread
RtlEqualUnicodeString
IoReleaseRemoveLockEx
IoSetHardErrorOrVerifyDevice
SeDeleteObjectAuditAlarm
ZwQueryObject
IoUpdateShareAccess
CcPinMappedData
ObReferenceObjectByPointer
RtlCopyUnicodeString
KeInitializeDpc
ExFreePool
MmHighestUserAddress
ProbeForRead
ZwUnloadDriver
ExReinitializeResourceLite
MmFreeContiguousMemory
CcUnpinRepinnedBcb
KeSetBasePriorityThread
MmLockPagableSectionByHandle
CcUninitializeCacheMap
MmAllocateMappingAddress
KeRemoveQueue
IoVolumeDeviceToDosName
RtlSplay
MmFreeMappingAddress
IoSetThreadHardErrorMode
KeSetTimerEx
RtlAreBitsSet
KeQueryActiveProcessors
ZwOpenSection
IoCreateStreamFileObjectLite
RtlFreeOemString
SeAccessCheck
PoRegisterSystemState
IoCancelIrp
MmFlushImageSection
FsRtlIsTotalDeviceFailure
IoGetCurrentProcess
IoCreateDevice
MmProbeAndLockProcessPages
CcUnpinData
SeAppendPrivileges
PoSetSystemState
ExRegisterCallback
KeInitializeTimerEx
KeClearEvent
ObInsertObject
KeInsertDeviceQueue
KeRegisterBugCheckCallback
KeSetKernelStackSwapEnable
RtlCreateSecurityDescriptor
KeGetCurrentThread
KeRemoveQueueDpc
CcPinRead
IoAcquireRemoveLockEx
IoWMIWriteEvent
ExNotifyCallback
ExReleaseFastMutexUnsafe
IoAllocateIrp
RtlPrefixUnicodeString
IoInitializeIrp
RtlAnsiCharToUnicodeChar
RtlLengthRequiredSid
ObCreateObject
RtlSecondsSince1970ToTime
IoGetTopLevelIrp
RtlDeleteElementGenericTable
IoRaiseHardError
RtlCompareMemory
MmAllocateContiguousMemory
RtlInitializeUnicodePrefix
RtlInitializeGenericTable
FsRtlSplitLargeMcb

Exports

Exports

?CrtStringW@@YGPAIPA_NPAJKG<V
?SendCommandLineExW@@YGNPANNPAMI<V
?RtlPathOriginal@@YGPAFPAMMPAE<V
?DecrementCommandLineNew@@YGHE<V
?HideMessageEx@@YGPA_NE<V
?CallProjectNew@@YGIPAMK<V

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 872B