12f278420fd41ae5cd6c71ca06ef0ce0

General

Target

12f278420fd41ae5cd6c71ca06ef0ce0
Size

18KB
MD5

12f278420fd41ae5cd6c71ca06ef0ce0
SHA1

329fde2cf7559038bbea8d8ce4c7049ad560e2e3
SHA256

5a26579614921132b8b874475215f442aac6b11711454ed70f16c0423f4f282f
SHA512

316359f966a13167eaf9d59295f3fce0c8cd60ef48476645a54d798e4389f51c3b4ee0092e030800888116228aaf225fded636a9d6e94c0e6b6a3f5e654ba1cd
SSDEEP

384:cq9v3EyuvymG9yShEwkwUqXLKnyYMepQH0PBGZui2eMwHbZ7wvVF4N09z3b7F+Pb:FCGi+BYGf3RF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12f278420fd41ae5cd6c71ca06ef0ce0

Files

12f278420fd41ae5cd6c71ca06ef0ce0
.sys windows:5 windows x86 arch:x86

706832273c05637959a613e106cbb6fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ProbeForWrite
ProbeForRead
_except_handler3
_stricmp
IofCompleteRequest
PsGetCurrentProcessId
_strupr
IoGetCurrentProcess
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
ExAllocatePoolWithTag
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
PsTerminateSystemThread
ExFreePool
ExGetPreviousMode

hal

KeQueryPerformanceCounter

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zcata
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vcata
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 976B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706832273c05637959a613e106cbb6fd

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 15KB - Virtual size: 15KB

zcata Size: 544B - Virtual size: 520B

vcata Size: 544B - Virtual size: 520B

INIT Size: 992B - Virtual size: 976B

.reloc Size: 384B - Virtual size: 374B

.text
Size: 15KB - Virtual size: 15KB

zcata
Size: 544B - Virtual size: 520B

vcata
Size: 544B - Virtual size: 520B

INIT
Size: 992B - Virtual size: 976B

.reloc
Size: 384B - Virtual size: 374B