23b7aa874ebee9f01ee8473582d7575a

Sharing

Copy URL Twitter E-mail

General

Target

23b7aa874ebee9f01ee8473582d7575a
Size

169KB
MD5

23b7aa874ebee9f01ee8473582d7575a
SHA1

22228b73ba780b793eddb9564e61342cec4d06fc
SHA256

41d8190eff226a9007273b68742b652ca0338025fa6b0f7569112dfd882aecc2
SHA512

875139241fe50bf16be230e832affd8d00732a8fc963f57b5ec3170aebb90207729411321e2e7f2dc2eadfca24776a3b9e51c9ab49dab5efb0a848e4354031c5
SSDEEP

3072:84Wx9vpw81Wr8dQ96aaxE7Ugv2vNPHvT3BhvhDm/uFpELO/aOKjqYBEavnewx:FQpwUW4KFajgutHk/uFpVy3uYBEin

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23b7aa874ebee9f01ee8473582d7575a

Files

23b7aa874ebee9f01ee8473582d7575a
.sys windows:5 windows x86 arch:x86

aa07da0f46cf780dce487bb8d6d732f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_allmul
KeTickCount
KeQueryTimeIncrement
_alldiv
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeQuerySystemTime
KeInitializeSpinLock

hal

WRITE_PORT_ULONG
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMAllocateMapRegisters
NdisMFreeMapRegisters
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMPciAssignResources
NdisMQueryAdapterResources
NdisResetEvent
NdisTerminateWrapper
NdisCancelTimer
NdisMSetAttributesEx
NdisInitializeWrapper
NdisMDeregisterAdapterShutdownHandler
NdisWriteErrorLogEntry
NdisWriteEventLogEntry
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration
NdisSetTimer
NdisInitializeTimer
NdisAllocateMemoryWithTag
NdisMSleep
NdisFreeMemory
NdisMRegisterAdapterShutdownHandler
NdisMRegisterMiniport
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisMQueryAdapterInstanceName
NdisFreePacketPool
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterInterrupt
NdisWaitEvent
NdisMCancelTimer
NdisSetEvent
NdisInitializeEvent
NdisMInitializeTimer

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa07da0f46cf780dce487bb8d6d732f7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 6KB - Virtual size: 5KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 6KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 3KB - Virtual size: 2KB