4a8e7dbe7aa43192a0d7ec67bef2432b

General

Target

4a8e7dbe7aa43192a0d7ec67bef2432b
Size

5.3MB
MD5

4a8e7dbe7aa43192a0d7ec67bef2432b
SHA1

9b1e94085f14bbc2c3683df0ac553505bccd47f5
SHA256

e64552726e83e39e5eec9b76be502f0b3a9ab1b3c0d608f3cbb24fbba28335ae
SHA512

45ac1961e4215a09fdd856b41f3545da7e12502c34f43b5d4e9ce7033b5bb542b237affce925925c5bc49c8d8e719296b3f56781fbc99373e778bb35e9a3b001
SSDEEP

24576:GPhKqTEQCHWJBi3lD61L6xcBJQ3XW5xN4ars3eVtZdEmm1lzhFSWgWI5DbE46tNc:kKqTE12JR6xH3mXxrYhmTrhmT4yA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a8e7dbe7aa43192a0d7ec67bef2432b

Files

4a8e7dbe7aa43192a0d7ec67bef2432b
.sys windows:5 windows x86 arch:x86

73043eec508eb123a2a5c443376b4c05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcscpy
wcslen
strcpy
strlen
_except_handler3
memcpy
ExAllocatePool
ExFreePoolWithTag
strstr
_strupr
strcmp
strncpy
strcat
_stricmp
memset
tolower
_strlwr
strncat
strrchr
strchr
_strnicmp
strncmp
wcsncpy
wcsrchr
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwClose
ZwQueryInformationFile
ZwOpenFile
RtlAppendUnicodeStringToString
RtlInitUnicodeString
ZwSetInformationFile
wcsncmp
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
IofCompleteRequest
ZwQueryValueKey
RtlFreeUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetDeviceObjectPointer
KeReadStateEvent
MmIsAddressValid
_allmul

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73043eec508eb123a2a5c443376b4c05

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 512B - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 128KB - Virtual size: 128KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 128KB - Virtual size: 128KB