2303d965f6d7e872395e3d8a7cef725c

Sharing

Copy URL Twitter E-mail

General

Target

2303d965f6d7e872395e3d8a7cef725c
Size

31KB
MD5

2303d965f6d7e872395e3d8a7cef725c
SHA1

13316f271191dff9d8bee2ae80b1e96705bcaeb7
SHA256

525bf4734aa9760339349c17300bb0c3f5b286fcee3f138de762cc30200a21f5
SHA512

bfb0f09c0a06b09075cd997acbee5e1fb53581bf1e0c66176e267deca59b9c12307835685ddbe17736e065e38d1b6c48f8e4da46d9aca854885e5aa9cf62373a
SSDEEP

384:X16OsV0u3HRbZ9Fh4KfENTJmxS9psFynvMZ3RlB2JLmwYg7qyv7dfYqFaIeCxLBo:XgFN7458knYgmPg/xzYkXIN3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2303d965f6d7e872395e3d8a7cef725c

Files

2303d965f6d7e872395e3d8a7cef725c
.sys windows:6 windows x86 arch:x86

67364575ca44a688a87030fed8e85072

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwCreateEvent
ZwCreateFile
RtlInitUnicodeString
swprintf
memset
ExFreePoolWithTag
ExAllocatePool
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwOpenKey
KeSetTimerEx
KeInitializeTimerEx
_allmul
KeDelayExecutionThread
_strnicmp
RtlCharToInteger
memcpy
RtlGetVersion
ObReferenceObjectByHandle
ObfDereferenceObject
IoGetDeviceObjectPointer
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
MmProbeAndLockPages
IoAllocateMdl
KeSetEvent
atol
ZwEnumerateKey
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoCancelIrp
IoAllocateIrp
_except_handler3
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwWriteFile
ZwClose
PsLookupProcessByProcessId
_wcsicmp
ZwQueryInformationProcess
RtlCompareUnicodeString
strstr
_strlwr
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
ObOpenObjectByPointer
PsProcessType
mbstowcs
KeReleaseMutex
memmove
KeCancelTimer
RtlEqualUnicodeString
ObQueryNameString
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeStringToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwEnumerateValueKey
PsTerminateSystemThread
KeWaitForMultipleObjects
PsCreateSystemThread
IoDetachDevice
IoGetAttachedDeviceReference
ZwOpenFile
ZwSetEvent
PoCallDriver
PoStartNextPowerIrp
KeInitializeMutex
ZwClearEvent
ZwWaitForMultipleObjects
strrchr
ExEventObjectType
rand
ZwQuerySystemInformation
_vsnprintf

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67364575ca44a688a87030fed8e85072

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 1024B - Virtual size: 740B

.data Size: 512B - Virtual size: 121KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 1024B - Virtual size: 740B

.data
Size: 512B - Virtual size: 121KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB