3898e2ed4385121d551a9b4b0148a429

General

Target

3898e2ed4385121d551a9b4b0148a429
Size

14KB
MD5

3898e2ed4385121d551a9b4b0148a429
SHA1

f941eb96a2487d4e9d99de86dd1107e5a12cf908
SHA256

9fd2358168424794c9c7ff9af5c513cfb7887ce9949459c9efa7f3bce67f7127
SHA512

9daa402a0915bab715c5d12692f54fc68d6130b68e2fb8f26c08e0193cc1d5cdee66e06b35d83ba47567bb1d52b898ab092f58cb182c02e21fdba654fc749a4e
SSDEEP

384:aCs++Xpj5SHpZVGzzRza7M2z8DXSHPjk:aCsh15SJZVwNah8+Hr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3898e2ed4385121d551a9b4b0148a429

Files

3898e2ed4385121d551a9b4b0148a429
.sys windows:4 windows x86 arch:x86

0dc8618214537cbeedfb4f648b4d396a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlZeroMemory
ZwQuerySystemInformation
strcat
strcpy
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
KeWaitForSingleObject
ObDereferenceObject
ObReferenceObjectByHandle
ProbeForRead
ProbeForWrite
PsCreateSystemThread
ZwClose
RtlCompareMemory
RtlFreeUnicodeString
memcpy
IoGetCurrentProcess
Ke386IoSetAccessProcess
Ke386QueryIoAccessMap
Ke386SetIoAccessMap
KeAttachProcess
KeDetachProcess
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
ZwAllocateVirtualMemory
strstr
wcsstr
KeDelayExecutionThread
MmGetSystemRoutineAddress
PsTerminateSystemThread
ZwCreateKey
ZwOpenFile
ZwSetValueKey
RtlCompareUnicodeString
ZwQueryInformationFile
ZwReadFile
IoAllocateMdl
IoFreeMdl
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
KeServiceDescriptorTable
InterlockedExchange

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 416B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dc8618214537cbeedfb4f648b4d396a

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 80B - Virtual size: 80B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 920B

.reloc Size: 416B - Virtual size: 408B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 80B - Virtual size: 80B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 920B

.reloc
Size: 416B - Virtual size: 408B