494aad8e78484e83d162c37954e1e53ce994acff0d5ece36b5eb2dfa887f7c1b

Sharing

Copy URL Twitter E-mail

General

Target

494aad8e78484e83d162c37954e1e53ce994acff0d5ece36b5eb2dfa887f7c1b
Size

1.2MB
MD5

71278d7978838d208bc3f81e3854d828
SHA1

1eb9fcd286742dfdd1e2b3cf5db26d2447e09da5
SHA256

494aad8e78484e83d162c37954e1e53ce994acff0d5ece36b5eb2dfa887f7c1b
SHA512

daf14dc8c7ff6d1f522c29ba6527666fec6757e4cdf9c9a5d55cbe31ebe1b89942a35defd46b253f122da4898ff081da6df4cab3abff769f04f7a4e20468cce1
SSDEEP

24576:30+zCdFN+FCUZ3tVlm7Il4/FmNHbBSI6ZOthCuYsVDKCiF0i:3VCDN+FCSm7Yv9SXw9VpaF0i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
494aad8e78484e83d162c37954e1e53ce994acff0d5ece36b5eb2dfa887f7c1b

Files

494aad8e78484e83d162c37954e1e53ce994acff0d5ece36b5eb2dfa887f7c1b
.sys windows:6 windows x64 arch:x64

5db18f298afafe3870cfe2b9591ec96d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlWalkFrameChain
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 791KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ncpX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ncpX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5db18f298afafe3870cfe2b9591ec96d

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 374KB

.rdata Size: - Virtual size: 791KB

.data Size: - Virtual size: 339KB

.pdata Size: - Virtual size: 8KB

PAGE Size: - Virtual size: 3KB

INIT Size: - Virtual size: 6KB

.ncpX0 Size: - Virtual size: 1.3MB

.ncpX1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 374KB

.rdata
Size: - Virtual size: 791KB

.data
Size: - Virtual size: 339KB

.pdata
Size: - Virtual size: 8KB

PAGE
Size: - Virtual size: 3KB

INIT
Size: - Virtual size: 6KB

.ncpX0
Size: - Virtual size: 1.3MB

.ncpX1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB