22f1008ecbeb320e80d007a2f07dc727

Sharing

Copy URL Twitter E-mail

General

Target

22f1008ecbeb320e80d007a2f07dc727
Size

39KB
MD5

22f1008ecbeb320e80d007a2f07dc727
SHA1

f425e0e2e3ef0e619a3d9fdca699fdd6238a3e6e
SHA256

150361666d4e652c9b713e6f6c1f899c37c8eb32bb3a14b008b8998c1fcca54c
SHA512

62f7c29cbb751ea1727b884b49e53b321f002a8556664d90f288f9d0a79cb439fd5412e69bfa617c8fa93d011e6dbdc286c7943b7ec7323d8352ee716f00bc3a
SSDEEP

768:jVFt9ap7U4BBQARQkrE8cxh4v6GnXshYC4J:DapI4BBQARwxiiGnXU4J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22f1008ecbeb320e80d007a2f07dc727

Files

22f1008ecbeb320e80d007a2f07dc727
.sys windows:4 windows x86 arch:x86

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
KeDetachProcess
MmIsAddressValid
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByPointer
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwAllocateVirtualMemory
_stricmp
memcpy
strcpy
strlen
PsProcessType
MmSystemRangeStart
MmSectionObjectType
IoFileObjectType
IoAllocateMdl
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoIsWdmVersionAvailable
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
ProbeForRead
KeServiceDescriptorTable
InterlockedExchange
ExSystemTimeToLocalTime
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
PsTerminateSystemThread
RtlLargeIntegerSubtract
ZwClose
ZwCreateKey
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwSetValueKey
ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
strcat
RtlCompareUnicodeString
KeWaitForSingleObject
IoGetCurrentProcess

hal

KeGetCurrentIrql

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 24B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 24B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 1024B - Virtual size: 1012B