DllInitialize
KdRCInitialize
KdRCRestore
KdRCSave
Static task
static1
1 signatures
General
-
Target
2180f4969ab9af36362717d997245cb3
-
Size
61KB
-
MD5
2180f4969ab9af36362717d997245cb3
-
SHA1
c4b5d5f60c1c0f6ccbd78433245ff810c0339990
-
SHA256
0fee54da832c59eeebc1145b86b07bbc8a6a6d6d6f439e638d2c379e73b59f59
-
SHA512
2e24ff0446f2bfbfb6dbd3270d3ba02399da6269925462246931513d1a3575ce566a723a1601acdf860f9745b48fa8ffe1622041d3e3e58d5b17b5428e8d7a1e
-
SSDEEP
1536:RGO4R8guyHmNTiZr19CwxdHPtPiova31T:Rvny+szPtPioC31
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2180f4969ab9af36362717d997245cb3
Files
-
2180f4969ab9af36362717d997245cb3.sys windows:6 windows x86 arch:x86
b63c2dde517a908a595ad7985c621087
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeWaitForSingleObject
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeInitializeDpc
KeInitializeEvent
ExAllocatePool
KeNumberProcessors
towupper
MmIsAddressValid
ProbeForRead
ProbeForWrite
ZwQuerySystemInformation
strstr
RtlEqualUnicodeString
wcschr
memcpy
ZwQueryInformationProcess
PsGetCurrentProcessId
memset
ExReleaseResourceLite
RtlCopyUnicodeString
RtlInitUnicodeString
_wcsicmp
wcsrchr
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
MmGetSystemRoutineAddress
KeServiceDescriptorTable
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
wcsncat
wcsncpy
ObQueryNameString
ObReferenceObjectByHandle
IoFileObjectType
strncpy
IoGetCurrentProcess
KeGetCurrentThread
KeReleaseMutex
RtlWriteRegistryValue
swprintf
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeSetEvent
wcsstr
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
_stricmp
ZwWriteFile
ZwCreateFile
ZwDeleteFile
ZwQueryDirectoryFile
ZwTerminateProcess
ZwOpenProcess
ObOpenObjectByPointer
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_wcslwr
PsGetCurrentThreadId
RtlAppendUnicodeStringToString
KeUnstackDetachProcess
KeStackAttachProcess
ZwOpenThread
RtlFreeAnsiString
sprintf
RtlUnicodeStringToAnsiString
ZwWaitForSingleObject
ZwSetEvent
atol
ZwSetInformationFile
ZwOpenEvent
KeSetTimer
PsTerminateSystemThread
PsCreateSystemThread
NtBuildNumber
ZwQueryVolumeInformationFile
KeInitializeTimer
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
ZwEnumerateValueKey
ZwOpenKey
KeInitializeMutex
wcsncmp
ObOpenObjectByName
KeTickCount
KeBugCheckEx
ExFreePoolWithTag
PsLookupProcessByProcessId
RtlAppendUnicodeToString
ObfDereferenceObject
RtlUnwind
hal
KeRaiseIrqlToDpcLevel
KfLowerIrql
KfRaiseIrql
Exports
Exports
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 256B - Virtual size: 139B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ