2710acd2301342ebd8980e6ebe49cc25

Sharing

Copy URL

Twitter E-mail

General

Target

2710acd2301342ebd8980e6ebe49cc25
Size

76KB
MD5

2710acd2301342ebd8980e6ebe49cc25
SHA1

ede6b257427498b1f7ab33ab311bab5e1e56c0a0
SHA256

0df6fab8c31f140d7c1c556cceb997cf0c2970344afb37e9b84cb469e43d64d3
SHA512

9a5ab5da366471e14b5c101d20bc22445f707cc75ddf59db003f4da4c3a5c2056506c68932239b9c2f24bf2ba91490b051d7d0238fbc6d18d0099e5d41ac7197
SSDEEP

768:1B+q92FuJrZhDyJvxp7xY5QIKn3RyRX3Mi2eYPkJ78zTTUi/eBu7JUeY9Nho/lj:+qEwThDyrhWQW3SkJ7A7eBwJzYB0x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2710acd2301342ebd8980e6ebe49cc25

Files

2710acd2301342ebd8980e6ebe49cc25
.dll windows:5 windows x86 arch:x86

c19ec69a98c25dff46abada6e3fb388c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoGetAttachedDevice
RtlxAnsiStringToUnicodeSize
MmMapLockedPagesSpecifyCache
ObfReferenceObject
IoCreateNotificationEvent
KeQueryActiveProcessors
PsGetCurrentProcessId
SeFreePrivileges
FsRtlFastUnlockSingle
MmAllocateContiguousMemory
CcUnpinRepinnedBcb
RtlFindMostSignificantBit
IoRaiseHardError
MmFlushImageSection
ZwFlushKey
MmIsDriverVerifying
KeInitializeDeviceQueue
KeInitializeQueue
CcMdlWriteComplete
PsGetCurrentThread
MmFreeNonCachedMemory
FsRtlCheckLockForWriteAccess
MmBuildMdlForNonPagedPool
RtlMultiByteToUnicodeN
IoGetCurrentProcess
IoCheckQuotaBufferValidity
IoBuildSynchronousFsdRequest
KeInitializeTimer
CcInitializeCacheMap
IoQueueWorkItem
IoStartNextPacket
RtlSetAllBits
IoGetRelatedDeviceObject
RtlFillMemoryUlong
ObInsertObject
CcRepinBcb
KeWaitForSingleObject
IoReadDiskSignature
IoWMIRegistrationControl
RtlCreateAcl
ZwOpenSymbolicLinkObject
IoCreateStreamFileObjectLite
IoSetStartIoAttributes
KeSetTargetProcessorDpc
ZwCreateDirectoryObject
IoReleaseRemoveLockEx
KeDetachProcess
RtlDeleteElementGenericTable
KeSetImportanceDpc
MmResetDriverPaging
RtlInitAnsiString
DbgBreakPoint
SeAssignSecurity
ZwSetValueKey
SeTokenIsAdmin
RtlSetDaclSecurityDescriptor
IoCreateFile
RtlAnsiCharToUnicodeChar
ObMakeTemporaryObject
RtlHashUnicodeString
RtlFreeOemString
MmAdvanceMdl
CcFastCopyRead
FsRtlFastCheckLockForRead
PsGetProcessId
MmLockPagableSectionByHandle
MmMapIoSpace
RtlCreateRegistryKey
KeQueryInterruptTime
MmQuerySystemSize
IoDeleteDevice
IoGetDeviceAttachmentBaseRef
IoIsOperationSynchronous
IoCheckShareAccess
MmProbeAndLockProcessPages
IoReadPartitionTable
CcFastCopyWrite
IoStartTimer
MmForceSectionClosed
KeSynchronizeExecution
RtlFindLeastSignificantBit
SeFilterToken
ExDeleteNPagedLookasideList
ZwReadFile
RtlPrefixUnicodeString
KeReadStateTimer
PsLookupThreadByThreadId
ExDeletePagedLookasideList
RtlFreeUnicodeString
KeReleaseMutex
MmUnmapIoSpace
KeReadStateSemaphore
PsTerminateSystemThread
RtlGetVersion
KeInitializeApc
IofCallDriver
ZwCreateEvent
MmUnmapReservedMapping
FsRtlIsHpfsDbcsLegal
PoSetSystemState
ObQueryNameString
RtlAppendUnicodeToString
SeQueryInformationToken
IoFreeController
RtlOemStringToUnicodeString
DbgPrompt
CcPreparePinWrite
RtlxOemStringToUnicodeSize
RtlExtendedIntegerMultiply
RtlUnicodeToOemN
CcRemapBcb
ExInitializeResourceLite
RtlInitializeGenericTable
ZwNotifyChangeKey
PsGetVersion
FsRtlCheckOplock
IoReportResourceForDetection
MmProbeAndLockPages
KeBugCheckEx
RtlGUIDFromString
CcZeroData
RtlWriteRegistryValue
IoDisconnectInterrupt
RtlInitString
RtlNtStatusToDosError
ExVerifySuite
RtlFindSetBits
IoSetSystemPartition
MmMapUserAddressesToPage
CcSetFileSizes
CcGetFileObjectFromBcb
KeInitializeEvent
ObOpenObjectByPointer
SeReleaseSubjectContext
FsRtlDeregisterUncProvider
PoRegisterSystemState
RtlSecondsSince1970ToTime
WmiQueryTraceInformation
IoInvalidateDeviceState
RtlInitializeSid
RtlInsertUnicodePrefix
FsRtlCheckLockForReadAccess
ZwOpenKey
IoSetPartitionInformation
IoGetDeviceProperty
IoCreateSynchronizationEvent
SeCaptureSubjectContext
RtlUnicodeStringToOemString
RtlRandom
PsReturnPoolQuota
KeResetEvent
MmAllocatePagesForMdl
CcFastMdlReadWait
ExAllocatePoolWithQuota
ExRaiseStatus
PsReferencePrimaryToken
FsRtlIsNameInExpression
ExSetResourceOwnerPointer
IoSetDeviceToVerify
RtlEqualUnicodeString
CcUnpinDataForThread
RtlMapGenericMask
IoCsqRemoveIrp
IoAllocateErrorLogEntry
RtlLengthSid
IoAllocateController
ExGetExclusiveWaiterCount
IoInitializeRemoveLockEx
KeEnterCriticalRegion
IoGetStackLimits
ZwCreateSection
ExLocalTimeToSystemTime
RtlUpperChar
IoGetRequestorProcess
RtlInitializeBitMap
IoFreeErrorLogEntry
IoFreeIrp
RtlGetNextRange
ProbeForRead
MmFreeMappingAddress
MmSizeOfMdl
ExReleaseResourceLite
ZwSetSecurityObject
RtlAreBitsClear
KeRemoveByKeyDeviceQueue
RtlCreateUnicodeString
RtlFindClearRuns
ExFreePoolWithTag
RtlFindClearBitsAndSet
CcSetReadAheadGranularity
RtlEnumerateGenericTable
MmSetAddressRangeModified
KePulseEvent
CcMdlRead
RtlRemoveUnicodePrefix
ExRegisterCallback
ExSetTimerResolution
PsIsThreadTerminating
IoDetachDevice
RtlDeleteNoSplay
KeRestoreFloatingPointState
KeRegisterBugCheckCallback
RtlEqualString
RtlLengthRequiredSid
IoReadPartitionTableEx
RtlCreateSecurityDescriptor
ExSystemTimeToLocalTime
IoSetShareAccess
RtlClearBits
RtlLengthSecurityDescriptor
IoSetPartitionInformationEx
IoRegisterFileSystem
MmIsAddressValid
ZwQuerySymbolicLinkObject
PsChargeProcessPoolQuota
CcUninitializeCacheMap
CcCopyRead
IoFreeWorkItem
KeSetEvent
RtlSplay
IoDeleteSymbolicLink
IoDeviceObjectType
IoSetThreadHardErrorMode
ExReinitializeResourceLite
ZwClose
KeInitializeDpc
MmPageEntireDriver
CcUnpinData
RtlClearAllBits
ExRaiseDatatypeMisalignment
MmUnsecureVirtualMemory
IoDeleteController
RtlCopyLuid
KeInitializeTimerEx
KeStackAttachProcess
ZwQueryVolumeInformationFile
IoCancelIrp
ZwMapViewOfSection
IoSetTopLevelIrp
ZwQueryKey
PsDereferencePrimaryToken
RtlQueryRegistryValues
FsRtlFreeFileLock
KeDelayExecutionThread
RtlUnicodeToMultiByteN
IoConnectInterrupt
HalExamineMBR
SePrivilegeCheck
IoReleaseRemoveLockAndWaitEx
KeWaitForMultipleObjects
RtlCompareMemory
RtlFindLastBackwardRunClear
IoGetDmaAdapter
ExGetSharedWaiterCount
ZwDeleteKey
FsRtlNotifyInitializeSync
CcSetDirtyPinnedData
ZwSetVolumeInformationFile
KeCancelTimer
MmUnmapLockedPages

Sections

.text
Size: 34KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c19ec69a98c25dff46abada6e3fb388c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 34KB - Virtual size: 37KB

.i_txt Size: 1KB - Virtual size: 1KB

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 512B - Virtual size: 410B

.data Size: 23KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 668B

.text
Size: 34KB - Virtual size: 37KB

.i_txt
Size: 1KB - Virtual size: 1KB

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 512B - Virtual size: 410B

.data
Size: 23KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 668B