2681766a2433d8a4c8a7a384ae7aa6e9

General

Target

2681766a2433d8a4c8a7a384ae7aa6e9
Size

34KB
MD5

2681766a2433d8a4c8a7a384ae7aa6e9
SHA1

378d1e5d39c63263551a5d81184fe3808e1e3a22
SHA256

91642a3c41921fdd3cb541e22f23a6318f3d46b7b2052760947ee67fc5162694
SHA512

a176cca8d5678ff720a045c0579627c66f78b9ab1c5e3c17e8deec501907b3f331a70507a64764935800b71f9948cc3ea8f9c6040e82298dc9b50e225a3515e7
SSDEEP

768:LtaWa/uP872mN0qkRVBZZhGI889kXg5HgBxXfvRP2CO5XczC8zDMNcFFaq:LtaWa/uQv4VBZ7GIR9kXg5HGx3ROCOs7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2681766a2433d8a4c8a7a384ae7aa6e9

Files

2681766a2433d8a4c8a7a384ae7aa6e9
.sys windows:4 windows x86 arch:x86

c338ab8f60efb49071d195f1eae4e216

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
strchr
_except_handler3
strncmp
IoGetCurrentProcess
PsGetVersion
isprint
strrchr
isxdigit
strncpy
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsncmp
towlower
islower
toupper
atol
srand
isdigit
tolower
isspace
isupper
strstr
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
IofCompleteRequest
atoi
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c338ab8f60efb49071d195f1eae4e216

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB