224dad10c239c601536948e5b186b7d8

General

Target

224dad10c239c601536948e5b186b7d8
Size

11KB
MD5

224dad10c239c601536948e5b186b7d8
SHA1

9372ec786ca9371f2e7ad1547b79653f918e3423
SHA256

3d08626616bb4402ab0e26d228270da0a5d5042980c8f3e26d48d996e02d483d
SHA512

36ca871c54580a0db1125ea74bde38d16752886c5c6a4e2c43bd676a92707bdc777b394e7e854afa77b48754a528f646407183ad5b77042b543dec42290e18a2
SSDEEP

192:JxeYrVN9mVmSWjj9rBxcELQW3Fw7BWZ8NWZW7:JAYrRE1WFp8W3sBWZ8NW2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
224dad10c239c601536948e5b186b7d8

Files

224dad10c239c601536948e5b186b7d8
.sys windows:5 windows x86 arch:x86

5247a1b7d39ee7fe0bc4695bee3f33fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateFile
ZwClose
ZwQueryValueKey
ZwSetValueKey
ZwCreateKey
KeServiceDescriptorTable
RtlInitUnicodeString
RtlCompareMemory
IofCompleteRequest
IoRegisterDriverReinitialization
RtlFreeAnsiString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
swprintf
IoCreateSymbolicLink
IoCreateDevice
wcscat
_strlwr
RtlUnicodeStringToAnsiString
wcsrchr
_wcslwr
ZwEnumerateKey
ZwOpenKey
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwOpenFile
strncmp
IoGetCurrentProcess
PsTerminateSystemThread
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeDelayExecutionThread
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
sprintf
_stricmp
strncpy
PsLookupProcessByProcessId
wcslen
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmIsAddressValid
ZwUnmapViewOfSection
_except_handler3

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5247a1b7d39ee7fe0bc4695bee3f33fe

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 384B - Virtual size: 323B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 634B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 323B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 634B