41480f56c60210e7b0bd2a92b240250b

Sharing

Copy URL Twitter E-mail

General

Target

41480f56c60210e7b0bd2a92b240250b
Size

43KB
MD5

41480f56c60210e7b0bd2a92b240250b
SHA1

b43ddd6bd82961eae16b02562d857b6b270691b4
SHA256

f94887f76b44240d74db6dbb5257ccbc5ba8fb06511a60fbf8c08744ed82f3d5
SHA512

7fbf1eec57bac9fa0e10ab253294359d9ee5cdb1e5a97a57abfaa7cc004c9e7ad570139c5fefeb29a7b615ec52b3e1ea9e6e2d41658940bd9252ea77143b0f8b
SSDEEP

768:xSAhREb0/427pQuQynZZNHnuxyhV5Ddqz5yZDh/5SuWQkpYf6V7:xhRf7pT5uUlJq1Oh/5m7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41480f56c60210e7b0bd2a92b240250b

Files

41480f56c60210e7b0bd2a92b240250b
.dll windows:5 windows x86 arch:x86

8884cb681a3171f5d963eaa277827ca3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

CcCopyWrite
RtlInsertUnicodePrefix
SeDeleteObjectAuditAlarm
PsGetVersion
RtlFindNextForwardRunClear
CcPreparePinWrite
KeInitializeEvent
RtlAreBitsSet
KeInitializeDeviceQueue
RtlSetAllBits
RtlRemoveUnicodePrefix
ObGetObjectSecurity
FsRtlNotifyUninitializeSync
MmIsAddressValid
ExAcquireResourceSharedLite
RtlStringFromGUID
RtlEqualSid
RtlFindUnicodePrefix
FsRtlNotifyInitializeSync
IoGetDriverObjectExtension
RtlCharToInteger
ExRaiseDatatypeMisalignment

Exports

Exports

?epZzTksdfHGXiefFh@@YGKDI@Z
?xdhjqjvyxs@@YGPAFI@Z

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 127B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8884cb681a3171f5d963eaa277827ca3

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 678B

.edata Size: 512B - Virtual size: 127B

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

INIT Size: 9KB - Virtual size: 9KB

INIT Size: 512B - Virtual size: 454B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 678B

.edata
Size: 512B - Virtual size: 127B

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

INIT
Size: 9KB - Virtual size: 9KB

INIT
Size: 512B - Virtual size: 454B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1KB - Virtual size: 1KB