480a9bda331c2cee811920d4fb6d8953

Sharing

Copy URL Twitter E-mail

General

Target

480a9bda331c2cee811920d4fb6d8953
Size

160KB
MD5

480a9bda331c2cee811920d4fb6d8953
SHA1

cbe1edca8926c0a532ed5cb1fe7e81763bf3e5ba
SHA256

c0d51f4ed9dc466923276c16c0ff830ea214cdb73560ca1de453cae8e70ecf13
SHA512

5ac4dc2631ec0fd8b66c58c3cec026e1c639c94cff5f8f33a9a3eecd0cf2761bc04fa91661db454c2a0a0aad3b117318406b0f45d3748df060a6e613a60cbce9
SSDEEP

3072:EKP8m6IhERjurnzB/l95aion5zGUQR0GE+qam1nqNj10WwAUTWG:EKP8DkCktfR0P/1n5KUTJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
480a9bda331c2cee811920d4fb6d8953

Files

480a9bda331c2cee811920d4fb6d8953
.sys windows:5 windows x86 arch:x86

614b4deedb9efd409ab8ca9054c28155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
MmGetSystemRoutineAddress
RtlInitUnicodeString
wcscpy
ExFreePoolWithTag
ZwReadFile
ExAllocatePoolWithTag
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwQueryValueKey
ZwOpenKey
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
_stricmp
ZwUnmapViewOfSection
IofCompleteRequest
KeSetEvent
_except_handler3
KeClearEvent
IoCreateNotificationEvent
ObfDereferenceObject
PsLookupProcessByProcessId
ZwWriteFile
wcscat
PsGetVersion
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
ZwAllocateVirtualMemory
ZwOpenProcess
PsCreateSystemThread
IoCreateDevice

Exports

Exports

?CloseDriverA3@@YGHXZ
?CloseDriverA@@YGHXZ
?CloseDriverW@@YGHXZ
?OpenDriverA2@@YGHXZ
?OpenDriverA@@YGHXZ
?OpenDriverW3@@YGHXZ
?OpenDriverW@@YGHXZ
?StartTM1@@YGHXZ
?StartTM2@@YGHXZ
?StartTM3@@YGHXZ
?StartTM@@YGHXZ

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

614b4deedb9efd409ab8ca9054c28155

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 640B - Virtual size: 532B

.data Size: 2KB - Virtual size: 2KB

.ndata Size: 128B - Virtual size: 8B

.edata Size: 384B - Virtual size: 376B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 602B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 640B - Virtual size: 532B

.data
Size: 2KB - Virtual size: 2KB

.ndata
Size: 128B - Virtual size: 8B

.edata
Size: 384B - Virtual size: 376B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 602B