3beac19d077bc3e74140ef76b6ca758a

General

Target

3beac19d077bc3e74140ef76b6ca758a
Size

35KB
MD5

3beac19d077bc3e74140ef76b6ca758a
SHA1

e28c702f77f25261c968f36069ffefca45522af9
SHA256

e71d997057ab0829339290974da86e70a15055d3476f1a9cd5b86d2ab731f3be
SHA512

c803be80b68b0d49a5808a59d0fb214358e42eee0aaee7e6667f796c0c711989415141e222284f60b77d37c51fea0f1f15af16151fc2a42a435ea60ec75b9256
SSDEEP

768:rP2o2K4CIgo3PbhIHPrynXJO5YBUUccEOO4JNN1paRd0+uVP8ge:rt2vCIj/dCrsJzBUUEO1JNdaRd0+MEge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3beac19d077bc3e74140ef76b6ca758a

Files

3beac19d077bc3e74140ef76b6ca758a
.sys windows:4 windows x86 arch:x86

5539282822611b0b3600cd9e96927cf4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetValueKey
wcslen
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
_wcsicmp
wcsncpy
wcsrchr
_wcsnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
swprintf
wcscat
wcscpy
KeTickCount
ExFreePool
ExAllocatePoolWithTag
_snwprintf
wcsstr
_wcslwr
RtlCopyUnicodeString
RtlCompareUnicodeString
ObQueryNameString
strncpy
PsLookupProcessByProcessId
_stricmp
IoDeviceObjectType
strncmp
IoGetCurrentProcess
ZwSetInformationFile
ZwCreateFile
ZwCreateKey
MmGetSystemRoutineAddress
_snprintf
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
wcschr
KeQueryTimeIncrement
IofCompleteRequest
IoRegisterDriverReinitialization
PsCreateSystemThread
KeDelayExecutionThread

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5539282822611b0b3600cd9e96927cf4

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 6KB - Virtual size: 5KB

PAGE Size: 96B - Virtual size: 96B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 640B - Virtual size: 616B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 6KB - Virtual size: 5KB

PAGE
Size: 96B - Virtual size: 96B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 640B - Virtual size: 616B

.reloc
Size: 1KB - Virtual size: 1KB