38d68ce3a3fb04980b5f2f4c87cb0be0

Sharing

Copy URL

Twitter E-mail

General

Target

38d68ce3a3fb04980b5f2f4c87cb0be0
Size

47KB
MD5

38d68ce3a3fb04980b5f2f4c87cb0be0
SHA1

78e18aa1df1d9d183db630f73983b500a92fd172
SHA256

403b0bda73b91af5aff4de1f742541e46574412d374d996230085acc00a3f638
SHA512

25d870bf1085cc2d7728df61f099eeb3bdd9f8249174f73b636bc9181b05e45dd177ed4319fe8920425bfee70de3c272d4c94aa836cb4d2534eca3fe965a33be
SSDEEP

384:AVOpVmTYx/WzJk12PBOQCh3c8Ihuz95u+ns4aJoBJd2diOmdu:AVcN4OFM8tm4aJoBzQKu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38d68ce3a3fb04980b5f2f4c87cb0be0

Files

38d68ce3a3fb04980b5f2f4c87cb0be0
.sys windows:4 windows x86 arch:x86

00f2753fba5dceefc01c25cd43f9a20a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
RtlSetTimeZoneInformation
ZwUnloadKey
KdPollBreakIn
Exfi386InterlockedDecrementLong
RtlDecompressFragment
FsRtlRemoveLargeMcbEntry
NtReadFile
ZwResetEvent
CcScheduleReadAhead
ZwSetSystemTime
KeI386FlatToGdtSelector
RtlLargeIntegerShiftLeft
ExEventObjectType
RtlCreateRegistryKey
MmMapLockedPages
InterlockedCompareExchange
KdPollBreakIn
KiIpiServiceRoutine
ObCreateObject
PsEstablishWin32Callouts
IoStartPacket
NtQuerySecurityObject
FsRtlInitializeTunnelCache
ZwOpenProcess
ExQueueWorkItem
SeAccessCheck
ExReleaseResourceForThreadLite
SePrivilegeCheck
RtlLargeIntegerArithmeticShift
vsprintf
IoInitializeIrp
RtlUshortByteSwap
KeInitializeMutex
SeReleaseSecurityDescriptor
FsRtlLookupLargeMcbEntry
MmProbeAndLockPages
IoCreateNotificationEvent
SeFreePrivileges
_strset
IoCreateSynchronizationEvent
IoIsSystemThread
KeInsertQueueApc
RtlTimeToSecondsSince1970
KeSetTimeIncrement
IoStartNextPacket
KeSetTimer
towlower
RtlUnicodeStringToOemSize
FsRtlInitializeTunnelCache
PsChargePoolQuota
ZwCreateSection
RtlGetAce
FsRtlMdlReadComplete
ExfInterlockedPopEntryList
RtlNtStatusToDosError
KeInitializeMutant
IoSetThreadHardErrorMode
ZwSetSystemTime
RtlGetFirstRange
FsRtlNotifyFullReportChange
RtlEqualString
IofCallDriver
RtlCopyRangeList
RtlFindMessage
KeStackAttachProcess
IoFreeIrp
SeRegisterLogonSessionTerminatedRoutine
NtNotifyChangeDirectoryFile
RtlTimeToTimeFields
ExAcquireSharedStarveExclusive
RtlAreAllAccessesGranted
KeInitializeSemaphore
MmSetAddressRangeModified
KeInsertHeadQueue
NtQueryDirectoryFile
NtAllocateVirtualMemory

hal

HalAllocateCommonBuffer
IoFreeMapRegisters
WRITE_PORT_BUFFER_ULONG
HalGetEnvironmentVariable
HalSetEnvironmentVariable
HalSystemVectorDispatchEntry
IoMapTransfer
HalMakeBeep
IoWritePartitionTable
READ_PORT_BUFFER_USHORT
IoReadPartitionTable
WRITE_PORT_UCHAR
HalReadDmaCounter
HalClearSoftwareInterrupt
HalSetBusData
WRITE_PORT_ULONG
HalReadDmaCounter
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalMakeBeep
KfReleaseSpinLock
HalRequestIpi
WRITE_PORT_BUFFER_UCHAR
KeGetCurrentIrql
KeAcquireQueuedSpinLockRaiseToSynch
HalInitSystem
HalAcquireDisplayOwnership
IoFreeMapRegisters
KeLowerIrql
WRITE_PORT_ULONG
HalReturnToFirmware
IoFreeMapRegisters
KeStallExecutionProcessor
IoFreeMapRegisters
WRITE_PORT_UCHAR
KfRaiseIrql
IoSetPartitionInformation
HalHandleNMI
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_ULONG
HalAllocateCrashDumpRegisters
HalAllocateCrashDumpRegisters
HalInitSystem
READ_PORT_BUFFER_UCHAR
KeGetCurrentIrql
IoFlushAdapterBuffers
HalSetBusDataByOffset
KeReleaseQueuedSpinLock
KeReleaseSpinLock
HalReportResourceUsage
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetBusData
HalQueryRealTimeClock
READ_PORT_ULONG
READ_PORT_ULONG
HalSetBusDataByOffset
HalSetTimeIncrement
HalCalibratePerformanceCounter
HalGetBusDataByOffset
HalSetTimeIncrement
HalInitializeProcessor
KfRaiseIrql
READ_PORT_USHORT
HalHandleNMI
HalMakeBeep
READ_PORT_UCHAR
HalAssignSlotResources
HalQueryRealTimeClock
ExReleaseFastMutex
HalAssignSlotResources
HalReturnToFirmware
IoReadPartitionTable
HalAllocateAdapterChannel

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00f2753fba5dceefc01c25cd43f9a20a

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 40KB - Virtual size: 40KB

INIT Size: 128B - Virtual size: 128B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 32B - Virtual size: 32B

.rdata Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

INIT
Size: 128B - Virtual size: 128B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 32B - Virtual size: 32B

.rdata
Size: 4KB - Virtual size: 4KB