0e60d98b79c3f11104b8d41d46c21388

General

Target

0e60d98b79c3f11104b8d41d46c21388
Size

9KB
MD5

0e60d98b79c3f11104b8d41d46c21388
SHA1

51bfae378615cb7cf72de2d9524ee494341d009f
SHA256

1ae11e1fda60d35a3a34b0a2878dcac0b76b247e4983f638072446525640e040
SHA512

68e8b55b4291346a5e747ca1c609b06cac9204eb75df5984345193c33ffac2b77fdc175df1feda821edf040598268763b51f24995f2a07abf87925d6801707e3
SSDEEP

96:5S1eIRsOCnyidj9idjfixfiq6B/MzB/R3Iv5YNcBCKfIhF1KhhZ+n59Y9ca3w:bssFyi7iRu36uX3IBY+Q3Fc3ZM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e60d98b79c3f11104b8d41d46c21388

Files

0e60d98b79c3f11104b8d41d46c21388
.sys windows:5 windows x86 arch:x86

27791f7ab9fe0cc27085a82082ed912b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
ZwClose
ExFreePool
ZwQueryValueKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
wcscmp
KeSetEvent
sprintf
PsGetCurrentProcessId
PsLookupProcessByProcessId
PsGetCurrentThreadId
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
ObfDereferenceObject
IofCompleteRequest
ObReferenceObjectByHandle
DbgPrint
KeServiceDescriptorTable
PsSetCreateThreadNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwOpenThread
ZwOpenProcess

Exports

Exports

_Student_ZwOpenProcess@16
_Student_ZwOpenThread@16
_Student_ZwQueryDirectoryFile@44
_Student_ZwQuerySystemInformation@16

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 224B - Virtual size: 219B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 800B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27791f7ab9fe0cc27085a82082ed912b

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 352B - Virtual size: 340B

.data Size: 2KB - Virtual size: 2KB

.edata Size: 224B - Virtual size: 219B

INIT Size: 800B - Virtual size: 790B

.reloc Size: 384B - Virtual size: 356B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 352B - Virtual size: 340B

.data
Size: 2KB - Virtual size: 2KB

.edata
Size: 224B - Virtual size: 219B

INIT
Size: 800B - Virtual size: 790B

.reloc
Size: 384B - Virtual size: 356B