2805538a2632e3e14068efc22206b813

General

Target

2805538a2632e3e14068efc22206b813
Size

187KB
MD5

2805538a2632e3e14068efc22206b813
SHA1

a6584149a0be73793949027ae6e5738ab2cef527
SHA256

bdd630d9d512a7b12fb9897f66803f2292e3bd85d81c4d9b9d5ccaabbfa34dce
SHA512

61a5eac29f3411190d5f028ce762ed25ebfcb2f1451262b726c899915adbca76c9cd57942fe702cc6643f12e3d099cffdbd4243a4dbfce3d32602d699b7c4b08
SSDEEP

3072:4YRDIJJCPBVbwXzzR9VXCEiJKLb1+3LPLzulREu94wBK0K:4aIyB1wfVy9Jm7GnwBS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2805538a2632e3e14068efc22206b813

Files

2805538a2632e3e14068efc22206b813
.sys windows:5 windows x86 arch:x86

6b8570fdc7db3caf2ad840ae68bdcccd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscpy
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
ZwCreateFile
wcscat
PsGetVersion
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
PsCreateSystemThread
ZwUnmapViewOfSection
IoDeleteSymbolicLink
IofCompleteRequest
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeSetEvent
PsTerminateSystemThread
ZwAllocateVirtualMemory
ZwOpenProcess
KeClearEvent
IoCreateNotificationEvent
ObfDereferenceObject
PsLookupProcessByProcessId

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 608B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b8570fdc7db3caf2ad840ae68bdcccd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 384B - Virtual size: 380B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 608B - Virtual size: 606B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 384B - Virtual size: 380B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 608B - Virtual size: 606B