1a4963b5cda60b77d2f21bbc3fbce7b5

General

Target

1a4963b5cda60b77d2f21bbc3fbce7b5
Size

9KB
MD5

1a4963b5cda60b77d2f21bbc3fbce7b5
SHA1

9b333fab4e2d31160ca29aeb36eaa716c363630f
SHA256

c9a11ac7ae0e6630713f277468454f3eabec603076aa9da6fc753925657c37ab
SHA512

fde6cfd40007587a493e2413146a7ab0081c97710ca175070bb5d723d692bed00eec667fce46f6e57a10bb2e497242588fd8002a4fa2e9a827c5e16a494e167f
SSDEEP

192:ZuuBThCvItFk/n1ArWsfGP4Vkt8iAOjvbr1fJEVZvvBCr:TFcvItsPf4k2i1RuVZv+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a4963b5cda60b77d2f21bbc3fbce7b5

Files

1a4963b5cda60b77d2f21bbc3fbce7b5
.sys windows:5 windows x86 arch:x86

3e39a572f121e70d843077541b598680

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteSymbolicLink
IofCompleteRequest
ZwDeviceIoControlFile
ZwEnumerateKey
KeServiceDescriptorTable
ZwQueryDirectoryFile
RtlFreeAnsiString
RtlCompareMemory
RtlInitAnsiString
RtlUnicodeStringToAnsiString
wcslen
ObfDereferenceObject
wcsstr
ProbeForRead
KeDetachProcess
MmIsAddressValid
KeAttachProcess
PsLookupProcessByProcessId
_except_handler3
wcscmp
strncpy
ExAllocatePoolWithTag
IoCreateDevice
strncmp
IoGetCurrentProcess
ExFreePool
KeUnstackDetachProcess
KeStackAttachProcess
ZwClose
ZwAllocateVirtualMemory
ZwOpenProcess
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
ZwUnmapViewOfSection
_stricmp
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
KeSetEvent
DbgPrint
IoCreateSymbolicLink
PsGetVersion
IoDeleteDevice

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 608B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e39a572f121e70d843077541b598680

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 416B - Virtual size: 388B

.data Size: 128B - Virtual size: 100B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 608B - Virtual size: 604B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 416B - Virtual size: 388B

.data
Size: 128B - Virtual size: 100B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 608B - Virtual size: 604B