17c72fd23234450ce214089966e74a42

General

Target

17c72fd23234450ce214089966e74a42
Size

52KB
MD5

17c72fd23234450ce214089966e74a42
SHA1

61cd4e6655b0d89b782268dd7c0fcada865caa77
SHA256

7091070ed885d6b9522333ffcb3608a05178c5c7fc08a8c50c260c7890a83ece
SHA512

5ceaba25bb12f91193eee561027f32bb9399dc472cb693bf814189e7feb98bc22bda376d4ff97cdc96874eacac35051bc2af275fc389b7a473fbed7acc2e0ad9
SSDEEP

768:xnf0Y7AySRb++D5erBtRXZn9NCE6J+W0tlyF3T5Q4BDj:Rf3pSRbtMBtRXJ9YEEt0tlg5Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c72fd23234450ce214089966e74a42

Files

17c72fd23234450ce214089966e74a42
.sys windows:4 windows x86 arch:x86

38aa7acb6c258ce967b0958d5e4cac76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
PsCreateSystemThread
ZwSetValueKey
ZwQueryValueKey
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
PsGetVersion
RtlCopyUnicodeString
ZwDeleteValueKey
_except_handler3
_strnicmp
wcsncmp
wcslen
towlower
wcsstr
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
strncpy
IofCompleteRequest

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38aa7acb6c258ce967b0958d5e4cac76

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 256B - Virtual size: 245B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 256B - Virtual size: 245B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB