2d41ddfc4efe044d2ee070e1fbaa13a8

Sharing

Copy URL Twitter E-mail

General

Target

2d41ddfc4efe044d2ee070e1fbaa13a8
Size

42KB
MD5

2d41ddfc4efe044d2ee070e1fbaa13a8
SHA1

9cfc70c425b826061c5d34768c102eeebdf5ba92
SHA256

e15bb42ccee437076d4ea51fe9625b2ac9ede5d74edfe259adf6ab437db47f3a
SHA512

ad92467ce2d69c4ce8eed29d61bd1c12f198c80bd8f11c42d026c9c38d585814a2c8665c06d12ccd043dcd5135ccb2cbc96638484c1fa7bf1964c61d74cd3fd9
SSDEEP

768:mq1GXBBk9xVD77K95y81JTzWymkdaxNxNc8XviCyJ:mqYXBBkXhGy8WhLx3XKC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d41ddfc4efe044d2ee070e1fbaa13a8

Files

2d41ddfc4efe044d2ee070e1fbaa13a8
.sys windows:5 windows x86 arch:x86

14c702b46f5a2da0d9037253e0be5dd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
PsGetVersion
IofCompleteRequest
IoDeleteSymbolicLink
MmIsAddressValid
CmUnRegisterCallback
MmGetSystemRoutineAddress
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
_except_handler3
KeInitializeSpinLock
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
MmUnlockPages
_stricmp
IoCreateDevice
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
PsGetProcessImageFileName
IoGetCurrentProcess
IoGetDeviceObjectPointer
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwClose
ZwCreateSection
RtlFreeUnicodeString
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlImageDirectoryEntryToData
NtBuildNumber
KeTickCount
DbgPrint
IoCreateSymbolicLink
_strnicmp
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14c702b46f5a2da0d9037253e0be5dd5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 512B - Virtual size: 420B

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 1KB - Virtual size: 1KB

.vmp1 Size: 12KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 1KB - Virtual size: 1KB

.vmp1
Size: 12KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 1KB