455abd1b094ed2da571ca78bffcba2c5

General

Target

455abd1b094ed2da571ca78bffcba2c5
Size

10KB
MD5

455abd1b094ed2da571ca78bffcba2c5
SHA1

8d4e221287d782d40685ef2c4c92c0a0ed741879
SHA256

48ee250dc1c0d04dbb5cae3272fb49ac9722315c59157a9415a647f98fe75de9
SHA512

410b40c818d5434879e8fbf16c8238bdb04d2dd74df55869aaeeafae2fad39913b4ab8b3404b340dbdcf60938b5d8a7a7baf06e999c29dcbfacfc8d5ab44a918
SSDEEP

192:0xwnTrve9kzuy6lTyMaD5OPWSz6g86u8:eGTjskzxwwwPWSz6g818

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
455abd1b094ed2da571ca78bffcba2c5

Files

455abd1b094ed2da571ca78bffcba2c5
.sys windows:5 windows x86 arch:x86

eebe5574b486b5aecf953c95f134fa45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
DbgPrint
IofCompleteRequest
KeDelayExecutionThread
ZwClose
ExFreePoolWithTag
IoDeleteDevice
IoUnregisterShutdownNotification
IoDeleteSymbolicLink
RtlInitUnicodeString
wcscpy
wcslen
wcscat
PsCreateSystemThread
ZwYieldExecution
IoRegisterShutdownNotification
IoCreateSymbolicLink
ZwOpenKey
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwAdjustPrivilegesToken
ZwOpenFile
KeServiceDescriptorTable
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
RtlFreeUnicodeString
swprintf
RtlQueryRegistryValues
ZwDeviceIoControlFile
ZwQueryValueKey
IoCreateDevice
ZwSetValueKey

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eebe5574b486b5aecf953c95f134fa45

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 488B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 488B