10a688deea74f5fcfd36ff7e3f7c2bc7

Sharing

Copy URL Twitter E-mail

General

Target

10a688deea74f5fcfd36ff7e3f7c2bc7
Size

135KB
MD5

10a688deea74f5fcfd36ff7e3f7c2bc7
SHA1

f372d57e8da2746871b909fc94a80aa3eba6b2c4
SHA256

9c3bf703190d939dcf79b15096e80e74ac811ac326d2330239eaf06a85ccd4b6
SHA512

6de403d2965ec65d6820dac628e3bb0546b54608bc8dcf6611f1abb3b3a816bb68e8c0f49d78a437b0e7f246b496883bb2d895de91fac5aeba5928dbfa43d856
SSDEEP

1536:f5QucPmxQIxTMgXrFtns3JGem1ikJPwJSy+JdygT6Jcia9J/qmmUSK0xfva:f5Mo9LXr3sWvpUSZ/T6JciDmmUSK0x6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10a688deea74f5fcfd36ff7e3f7c2bc7

Files

10a688deea74f5fcfd36ff7e3f7c2bc7
.dll windows:5 windows x86 arch:x86

85b1a6638a83f07d84c4d9cef15dc400

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoConnectInterrupt
IoGetTopLevelIrp
PsGetVersion
IoCreateDevice
IoAllocateMdl
KeInitializeSemaphore
RtlSetAllBits
PsImpersonateClient
SeCaptureSubjectContext
RtlFindSetBits
RtlOemToUnicodeN
IoVerifyVolume
IoSetThreadHardErrorMode
RtlIsNameLegalDOS8Dot3
CcFastCopyRead
ExAllocatePoolWithTag
PoRegisterSystemState
KeInitializeApc
IoQueryFileInformation
RtlTimeToTimeFields
PoCallDriver
CcSetReadAheadGranularity
ObInsertObject
KeInitializeSpinLock
FsRtlFreeFileLock
CcUnpinRepinnedBcb
KeDelayExecutionThread
IoAcquireVpbSpinLock
MmAllocateMappingAddress
ZwEnumerateValueKey
FsRtlNotifyUninitializeSync
KeBugCheckEx
ObReferenceObjectByPointer
RtlCreateSecurityDescriptor
RtlValidSecurityDescriptor
RtlMultiByteToUnicodeN
PsGetCurrentProcess
RtlUnicodeToOemN
KeEnterCriticalRegion
ZwQueryObject
IoWMIWriteEvent
MmFreeContiguousMemory
KeSetTargetProcessorDpc
IoRegisterDeviceInterface
RtlCreateUnicodeString
ExInitializeResourceLite
RtlAreBitsClear
RtlQueryRegistryValues
SeTokenIsAdmin
FsRtlIsHpfsDbcsLegal
KeQueryActiveProcessors
IoCreateFile
IoReportResourceForDetection
MmUnmapIoSpace
CcSetDirtyPinnedData
ZwDeleteKey
IoGetAttachedDevice
KeReadStateTimer
SeAppendPrivileges
RtlGetNextRange
IoVolumeDeviceToDosName
PsRevertToSelf
CcCopyRead
CcRepinBcb
SeDeleteObjectAuditAlarm
IoGetAttachedDeviceReference
IoDeviceObjectType
ZwReadFile
RtlValidSid
ExGetExclusiveWaiterCount
CcPurgeCacheSection
IoQueueWorkItem
RtlFindLastBackwardRunClear
SePrivilegeCheck
ExReleaseResourceLite
RtlGUIDFromString
IoGetDeviceAttachmentBaseRef
IoGetStackLimits
IoUpdateShareAccess
KeReleaseSemaphore
ZwDeleteValueKey
ExAllocatePool
DbgPrompt
ZwCreateSection
RtlRemoveUnicodePrefix
RtlFindClearRuns
ZwOpenSection
IoAcquireCancelSpinLock
PsGetCurrentProcessId
ExUnregisterCallback
IoInitializeRemoveLockEx
ObReferenceObjectByHandle
ExFreePoolWithTag
RtlUnicodeStringToAnsiString
RtlInitializeSid
RtlFindLeastSignificantBit
RtlCompareUnicodeString
IoFreeErrorLogEntry
PsSetLoadImageNotifyRoutine
PsIsThreadTerminating
IoMakeAssociatedIrp
RtlInitializeGenericTable
IoInvalidateDeviceState
KeRevertToUserAffinityThread
ProbeForWrite
MmAddVerifierThunks
MmResetDriverPaging
KePulseEvent
RtlxAnsiStringToUnicodeSize
RtlDelete
IoInitializeTimer
PsChargeProcessPoolQuota
FsRtlGetNextFileLock
CcMapData
ZwCreateEvent
KeSetTimer
PsTerminateSystemThread
PoSetSystemState
MmCanFileBeTruncated
MmMapUserAddressesToPage
KeReleaseMutex
PoUnregisterSystemState
PoSetPowerState
RtlInsertUnicodePrefix
SeQueryInformationToken
IoCancelIrp
IoSetSystemPartition
ExRaiseAccessViolation
MmSetAddressRangeModified
FsRtlNotifyInitializeSync
ZwUnloadDriver
MmUnmapReservedMapping
ExFreePool
MmGetPhysicalAddress
ExAllocatePoolWithQuotaTag
FsRtlMdlWriteCompleteDev
PsReturnPoolQuota
KeInitializeDpc
ZwClose
RtlInitializeBitMap
CcUninitializeCacheMap
MmGetSystemRoutineAddress
CcPinMappedData
IoGetDeviceInterfaces
ExSetTimerResolution
SeOpenObjectAuditAlarm
RtlLengthRequiredSid
RtlLengthSecurityDescriptor
MmMapLockedPages
MmSizeOfMdl
PsReferencePrimaryToken
RtlGenerate8dot3Name
MmFreePagesFromMdl
MmUnlockPages
ExSystemTimeToLocalTime
ZwNotifyChangeKey
PoRequestPowerIrp
RtlFindUnicodePrefix
IoIsOperationSynchronous
KeReadStateSemaphore
ExRaiseStatus
RtlPrefixUnicodeString
MmForceSectionClosed
ExGetSharedWaiterCount
ZwSetValueKey
IoSetTopLevelIrp
IoRemoveShareAccess
FsRtlIsFatDbcsLegal
MmHighestUserAddress
IoWMIRegistrationControl
RtlUpcaseUnicodeToOemN
CcInitializeCacheMap
SeQueryAuthenticationIdToken
SeReleaseSubjectContext
FsRtlFastUnlockSingle
ZwLoadDriver
MmAllocateNonCachedMemory
RtlDowncaseUnicodeString
RtlInitAnsiString
IoDisconnectInterrupt
FsRtlIsDbcsInExpression
ZwCreateDirectoryObject
ZwOpenKey
SeLockSubjectContext
KeClearEvent
ExAcquireResourceSharedLite
RtlUpcaseUnicodeString
MmIsDriverVerifying
ZwQueryInformationFile
IoGetCurrentProcess
ZwSetVolumeInformationFile
SeAssignSecurity
CcDeferWrite
ExUuidCreate
IoGetRequestorProcess
IoGetDiskDeviceObject
KeSetEvent
RtlAnsiStringToUnicodeString
ObReleaseObjectSecurity
MmUnmapLockedPages
KeUnstackDetachProcess
RtlEqualString
RtlSetBits
IoBuildPartialMdl
ExAcquireFastMutexUnsafe
IoSetHardErrorOrVerifyDevice
FsRtlSplitLargeMcb
SeSetSecurityDescriptorInfo
IoAllocateAdapterChannel
ZwQueryVolumeInformationFile
ZwEnumerateKey
ExGetPreviousMode
KeRemoveQueue
ExReleaseFastMutexUnsafe
KeAttachProcess
ExQueueWorkItem
IoInvalidateDeviceRelations
CcFastCopyWrite
CcUnpinData
KdEnableDebugger
IoGetDeviceToVerify
CcRemapBcb
IoDeleteSymbolicLink
ZwQueryKey
IoCreateStreamFileObjectLite
ObOpenObjectByPointer
MmIsVerifierEnabled
ZwDeviceIoControlFile
RtlCompareMemory
KeInitializeMutex
ObMakeTemporaryObject
IoCsqRemoveIrp
PsGetCurrentThread
SeFilterToken
PsDereferencePrimaryToken
IoBuildSynchronousFsdRequest
KeDeregisterBugCheckCallback
RtlDeleteNoSplay
RtlClearAllBits
KeInitializeEvent
MmSecureVirtualMemory
RtlCopySid
KeSetBasePriorityThread
IoSetShareAccess
RtlGetVersion
PsGetProcessId
IoReportDetectedDevice
ZwOpenFile
RtlUpcaseUnicodeChar
IoWriteErrorLogEntry
ProbeForRead
RtlDeleteElementGenericTable
IoCheckQuotaBufferValidity
MmFreeMappingAddress
ExDeleteNPagedLookasideList
KeQuerySystemTime

Exports

Exports

?HideMutex@@IJPAFGHPAI@X

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85b1a6638a83f07d84c4d9cef15dc400

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 61KB - Virtual size: 61KB

.init Size: - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 512B - Virtual size: 504B

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 61KB - Virtual size: 61KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 512B - Virtual size: 504B