41551bb24912039345e9723e1d196266

General

Target

41551bb24912039345e9723e1d196266
Size

11KB
MD5

41551bb24912039345e9723e1d196266
SHA1

07fa5539034bca87e46cdb1652104f55bc80a397
SHA256

7e9ae4e1351b8f7833691e77a316bcefe2b5051b9fbd3ff4a8abf3000a359f33
SHA512

99c5b40f0f86f10fcd1a37cacb9583c6cb5b769937f695c97713baccc7b2abb09c8b9c03e386f7b5423bc6ec826a65f8226b1005cecf8d9b8632781df672269f
SSDEEP

96:vKHpVQ1dqCOwbV1vS3yj+SJs6hU0q16KBHSMJ8JNbmBURNxTRH84ZcauoJUdkWCe:SHpS1dqp+wNyeCBc4qau+WCbW+0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41551bb24912039345e9723e1d196266

Files

41551bb24912039345e9723e1d196266
.sys windows:5 windows x86 arch:x86

c64d5ec7abead4a495e57f63a0119a03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
sprintf
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
IoRegisterDriverReinitialization
RtlFreeAnsiString
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
_strlwr
RtlUnicodeStringToAnsiString
wcsrchr
_wcslwr
ZwEnumerateKey
ZwSetValueKey
strncmp
IoGetCurrentProcess
_except_handler3
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_snwprintf
KeDelayExecutionThread
_stricmp
strncpy
PsLookupProcessByProcessId
wcslen
ZwCreateKey
wcscat
MmIsAddressValid
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
KeTickCount
KeBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c64d5ec7abead4a495e57f63a0119a03

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 388B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 460B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 388B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 460B