7e4cecb92d283ab3e489157dcea43f7f2bf25cfdd9f53d623cff954c1c86eb48

Sharing

Copy URL Twitter E-mail

General

Target

7e4cecb92d283ab3e489157dcea43f7f2bf25cfdd9f53d623cff954c1c86eb48
Size

108KB
MD5

fcf725d83c132719cf8c2059d2af21fc
SHA1

0e47e9e32ad87cdef779ee9762534fbc39dbfa32
SHA256

7e4cecb92d283ab3e489157dcea43f7f2bf25cfdd9f53d623cff954c1c86eb48
SHA512

05d1f1afcb8fdb9de9cb5629c1e23f82538f09e6337aea06d8648868017b6cfcc1301fe8808f67d3cdfd8feff11ef55e2f0fe813361ec592bbad592a1eaa230d
SSDEEP

3072:0fzq02Ky7ZAJpIN8oKJF9qZsdj2AndFTo04Po:oqJHyps8jF9wsdyIFU0z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e4cecb92d283ab3e489157dcea43f7f2bf25cfdd9f53d623cff954c1c86eb48

Files

7e4cecb92d283ab3e489157dcea43f7f2bf25cfdd9f53d623cff954c1c86eb48
.sys windows:10 windows x86 arch:x86

b3180bce588baf762c0f55a963ba46ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlGetVersion
KeQuerySystemTime
ExAllocatePool
ExFreePoolWithTag
ProbeForRead
ProbeForWrite
CmRegisterCallback
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoGetCurrentProcess
IoRegisterShutdownNotification
ZwCreateKey
ZwSetValueKey
RtlVolumeDeviceToDosName
PsSetCreateProcessNotifyRoutineEx
PsGetProcessCreateTimeQuadPart
PsGetProcessId
ZwOpenProcess
KeAttachProcess
KeDetachProcess
PsLookupProcessByProcessId
IoGetDiskDeviceObject
FsRtlIsNameInExpression
ZwQueryInformationProcess
_alldiv
RtlInitUnicodeString
ZwReadFile
ZwDeleteFile
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAttachDeviceToDeviceStackSafe
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ObfDereferenceObject
ZwCreateFile
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
KeGetCurrentThread
IoAllocateIrp
IoCreateFile
IoFreeIrp
RtlAppendUnicodeToString
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
IoFileObjectType
KeDelayExecutionThread
IoGetAttachedDeviceReference
PsGetCurrentProcessId
IoGetLowerDeviceObject
ObQueryNameString
strcat_s
_strnicmp
wcscat_s
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ExAllocatePoolWithTag
ZwOpenKey
ZwQueryValueKey
MmIsAddressValid
_wcsnicmp
RtlDowncaseUnicodeString
KeStackAttachProcess
KeUnstackDetachProcess
PsIsThreadTerminating
PsLookupThreadByThreadId
ZwAllocateVirtualMemory
PsGetProcessImageFileName
PsGetProcessPeb
ZwQuerySystemInformation
KeInitializeApc
KeInsertQueueApc
KeTestAlertThread
IoCreateSymbolicLink
IoDeleteSymbolicLink
ExEventObjectType
RtlUnicodeToUTF8N
strncpy_s
RtlCompareMemory
ZwSetInformationFile
FsRtlIsDbcsInExpression
_vsnwprintf
KeBugCheckEx
wcsncmp
RtlUnwind
wcscpy_s
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlUnicodeStringToAnsiString
memcpy
ZwQuerySymbolicLinkObject
ZwQueryInformationFile
ZwOpenSymbolicLinkObject
memcpy_s
KeQueryTimeIncrement
ObReferenceObjectByHandleWithTag
ObCloseHandle
ZwOpenFile
ZwEnumerateKey
ZwQueryKey
ZwQueryFullAttributesFile
IoCreateFileEx
SeQueryAuthenticationIdToken
PsReferencePrimaryToken
IoQueryFileDosDeviceName
MmFlushImageSection
ZwWaitForSingleObject
_allmul
KeTickCount
tolower
strncmp
RtlCharToInteger
sprintf
ObfReferenceObject
LsaFreeReturnBuffer
PsCreateSystemThread
PsTerminateSystemThread
ZwDeleteKey
ZwFlushKey
KeResetEvent
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
IoCancelIrp
IoFreeMdl
IoReuseIrp
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoSetDeviceInterfaceState
IoGetDeviceInterfaces
RtlAppendStringToString
ZwLoadKey
ZwUnloadKey
strcpy_s
strchr
_stricmp
memset
_vsnprintf
ZwFlushBuffersFile
ZwClose

hal

ExReleaseFastMutex
KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
ExAcquireFastMutex
KfReleaseSpinLock

netio.sys

WskDeregister
WskQueryProviderCharacteristics
WskReleaseProviderNPI
WskCaptureProviderNPI
WskRegister

ksecdd.sys

GetSecurityUserInfo

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3180bce588baf762c0f55a963ba46ec

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

netio.sys

ksecdd.sys

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 656B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 656B

.reloc
Size: 2KB - Virtual size: 2KB