1c62e357da1965ea882d8ea65c07c3a2

General

Target

1c62e357da1965ea882d8ea65c07c3a2
Size

6KB
MD5

1c62e357da1965ea882d8ea65c07c3a2
SHA1

4edf04076a13c4f202c4322d3c75bca32cb7b8f7
SHA256

17dfb83249eda0e3035bac29940c8b3bd5079595680ee7fa3eeada718c87702c
SHA512

24a0afe3ccc9c531551483cbad899238bc598afda15608796ada6f3c9f7d56841ce37c680610d144d91ee0a44421aab7c11edc2ab5af686cb0c06e257392d045
SSDEEP

96:GXdKInNl6EYcRtzxKfoJ5JIZaMNnwHicKDwml+CES0XPYRSKwrZO2redH:U/nz/EoHzMNnwCcKDNljw2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c62e357da1965ea882d8ea65c07c3a2

Files

1c62e357da1965ea882d8ea65c07c3a2
.sys windows:4 windows x86 arch:x86

08c17c87bc39ca1ed895f8b47a45c6c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExInitializeNPagedLookasideList
IoAttachDeviceToDeviceStack
IoCallDriver
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
KeInitializeMutex
KeInitializeSpinLock
KeReleaseMutex
KeSetEvent
ExFreePool
NtQuerySystemInformation
ObDereferenceObject
ObReferenceObjectByHandle
PoCallDriver
PoStartNextPowerIrp
PsLookupProcessByProcessId
ExEventObjectType
DbgPrint
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IofCompleteRequest
KefReleaseSpinLockFromDpcLevel
ObfDereferenceObject
ExDeleteNPagedLookasideList
KeWaitForMutexObject
ExAllocatePool

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 742B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08c17c87bc39ca1ed895f8b47a45c6c5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 768B - Virtual size: 742B

.data Size: 384B - Virtual size: 360B

INIT Size: 992B - Virtual size: 984B

.reloc Size: 384B - Virtual size: 356B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 768B - Virtual size: 742B

.data
Size: 384B - Virtual size: 360B

INIT
Size: 992B - Virtual size: 984B

.reloc
Size: 384B - Virtual size: 356B