12597e0452344f645db7f5d28eca4220

General

Target

12597e0452344f645db7f5d28eca4220
Size

51KB
MD5

12597e0452344f645db7f5d28eca4220
SHA1

f4a69775a3c636327885cac9cba978b4c6175d96
SHA256

6ecab832f967dd22d99f9cd0e6555b0aebee9aabcde0694a46e3b32e448c8d9b
SHA512

5d19ee574da09df4fb07436a1780bc4356da74f005c4b173e18c132bdfb351e0b1fe5e923da8fdcb7c335e4e7c927ee30d36681bed58f6e680f631cef8269f05
SSDEEP

1536:EDBGTMTTw5rWAI427MsP3xtcjEyBL3Xfc:WBGTUTwS//

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12597e0452344f645db7f5d28eca4220

Files

12597e0452344f645db7f5d28eca4220
.sys windows:4 windows x86 arch:x86

db69f8b83f45f49adda5820487d54d09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
_wcslwr
wcsncpy
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
swprintf
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
MmIsAddressValid
RtlAnsiStringToUnicodeString
KeDelayExecutionThread
ZwCreateKey
wcscat
wcscpy
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
IoRegisterDriverReinitialization
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 275B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db69f8b83f45f49adda5820487d54d09

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 288B - Virtual size: 275B

INIT Size: 928B - Virtual size: 900B

.rsrc Size: 928B - Virtual size: 912B

.reloc Size: 736B - Virtual size: 710B

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 288B - Virtual size: 275B

INIT
Size: 928B - Virtual size: 900B

.rsrc
Size: 928B - Virtual size: 912B

.reloc
Size: 736B - Virtual size: 710B