4b7bc07ceb073e8a37ca85ce2f4b1e42

General

Target

4b7bc07ceb073e8a37ca85ce2f4b1e42
Size

66KB
MD5

4b7bc07ceb073e8a37ca85ce2f4b1e42
SHA1

afdaa76c186c650e275da813e1ce450a2b3ce3f3
SHA256

542bce6778945fa022d6bbff4c2e6c2ab0082c3eec41b28884fcdf01f6965e31
SHA512

fe6092ea1fe54683709742328bb4f01e40134882ee3ca5153446ba47b88bcb5b3bc062b79b9c37f77303bf331fe1e5e043911096fc645a973405c61195560fff
SSDEEP

1536:azTp4AdaT9EAiXkBPY4s+EK01gfnlYwIWL1BdpUDnWC6apaFB6tB:7nhEAeoPj0mfnWzu1B0paf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b7bc07ceb073e8a37ca85ce2f4b1e42

Files

4b7bc07ceb073e8a37ca85ce2f4b1e42
.dll windows:4 windows x86 arch:x86

261d038531854f0af3f45dd1a2cc1854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

NtConnectPort
KeInitializeSemaphore
IoAllocateWorkItem
PoUnregisterSystemState
ZwDuplicateObject
FsRtlReleaseFile
NtAddAtom
RtlImageNtHeader
ExFreePool
MmMapViewInSessionSpace
memcpy
ZwFlushInstructionCache
RtlPrefixUnicodeString
ExInterlockedAddUlong
KeEnterKernelDebugger
_strnset
KeRemoveByKeyDeviceQueue
WRITE_REGISTER_ULONG
ExAllocatePool
CcPurgeCacheSection
IoGetAttachedDeviceReference

classpnp.sys

ClassSendSrbSynchronous
ClassReadDriveCapacity
ClassSplitRequest
ClassReleaseQueue
ClassFindModePage
ClassDebugPrint
ClassSendIrpSynchronous
ClassSendDeviceIoControlSynchronous
ClassUpdateInformationInRegistry
ClassInitializeMediaChangeDetection
ClassReleaseChildLock
ClassCleanupMediaChangeDetection
ClassGetDescriptor

hal

HalQueryRealTimeClock
HalHandleNMI
KeReleaseQueuedSpinLock
HalCalibratePerformanceCounter
HalAllocateCommonBuffer
HalFreeCommonBuffer
KfRaiseIrql
HalAdjustResourceList

Exports

Exports

LmmFgvxGrnuCht
TpObwlslvIpuronbNvdvxxDh
IdxLbjezAekbfkaMjvqqe
Vrpxcf
YjxcpJvxdfbrBov

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

261d038531854f0af3f45dd1a2cc1854

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 58KB - Virtual size: 138KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 58KB - Virtual size: 138KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B