0befccdf38c3a05f35c889535a8a468b

General

Target

0befccdf38c3a05f35c889535a8a468b
Size

9KB
MD5

0befccdf38c3a05f35c889535a8a468b
SHA1

3804ffeeef0779b22c559c16445221bce0abf87f
SHA256

e53e3106c7d4f6ab22baf5e0f35d45359f8e28556df7755237b65a92ac96fb27
SHA512

fa4af96e837c25ac0b9ae8cbd13be48d2bc61a4e3bb86162ce5dc6e615f5447cc4744d00be13145a9fc92894cb04e27bd34d2b7929b392919689d259eedd3eee
SSDEEP

192:4FGUuYbiDuv0Q16y2LZ7T4278lvPbxSiVNB:483MWLt4ZjsiVj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0befccdf38c3a05f35c889535a8a468b

Files

0befccdf38c3a05f35c889535a8a468b
.sys windows:5 windows x86 arch:x86

ad0b863a189beabf41e498508a9d1f09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgPrint
MmIsAddressValid
KeAttachProcess
PsLookupProcessByProcessId
_except_handler3
wcscmp
strncpy
ExAllocatePoolWithTag
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
strncmp
IoGetCurrentProcess
KeDetachProcess
RtlFreeAnsiString
RtlCompareMemory
RtlInitAnsiString
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
_stricmp
ZwUnmapViewOfSection
ExFreePool
strncat
ZwQuerySystemInformation
PsGetVersion
ProbeForRead
wcsstr
IofCompleteRequest
ObfDereferenceObject

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad0b863a189beabf41e498508a9d1f09

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 352B - Virtual size: 340B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 552B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 352B - Virtual size: 340B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 552B