4b5b7d1e8e12c65a776f9a2bcb89a867

General

Target

4b5b7d1e8e12c65a776f9a2bcb89a867
Size

41KB
MD5

4b5b7d1e8e12c65a776f9a2bcb89a867
SHA1

fbf43a6c5869419e77098675d6c6149d10fb6fe5
SHA256

11a55b3a26b3ed2c37fc5db0cd405d0faa98e7dc7083ead419da456f773ec8e8
SHA512

514cb0860f830c8efff08491ad584ae3af5dac46bfba61906da29329ddc863645af7f79eb92311bc3f903efe5a125f9f7de5b75ea90fa611d984e3fabaabf119
SSDEEP

768:tsoxjgshYd+NRh6pf9Sk8nP4zmyJ3K8rGiAuNDfvOxyrrF3jK+bfqbZZ:trjThYd+NRU99S3JylD3Oxyrrp9mbZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5b7d1e8e12c65a776f9a2bcb89a867

Files

4b5b7d1e8e12c65a776f9a2bcb89a867
.dll windows:5 windows x86 arch:x86

3ca9c42d2c74e1739efe4914ffda79ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

_wcsicmp
NtAllocateVirtualMemory
_strnicmp
ProbeForRead
PsProcessType
wcscat
IoDeleteSymbolicLink
ExFreePoolWithTag
NtBuildNumber
PsLookupProcessByProcessId
KeInitializeApc
ZwMapViewOfSection
RtlInitUnicodeString
IoDeleteDevice
ProbeForWrite
strchr
KeInsertQueueApc
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
IoFreeMdl
KeUnstackDetachProcess
wcslen
KeDelayExecutionThread
strncpy
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
memset
ZwUnmapViewOfSection
ExAllocatePool
PsTerminateSystemThread
_stricmp
strcmp
MmMapIoSpace
ZwClose
IofCompleteRequest
MmProbeAndLockPages
RtlCompareUnicodeString
KeServiceDescriptorTable
MmUnlockPages
ZwQueryInformationProcess
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ZwCreateSection
IoCreateDevice
ZwOpenFile
atol
wcscmp
wcscpy
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupThreadByThreadId
IoAllocateMdl
ZwCreateKey
ZwReadFile
wcsncpy
ZwSetValueKey
ZwCreateFile
ZwQueryValueKey
ZwQueryInformationFile
ZwWriteFile
ZwOpenKey
NtFreeVirtualMemory
MmUnmapLockedPages
IoGetCurrentProcess
memcpy
_except_handler3

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ca9c42d2c74e1739efe4914ffda79ac

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 826B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 826B