4bc8a8ad2613a0961766b93e104444e0

Sharing

Copy URL

Twitter E-mail

General

Target

4bc8a8ad2613a0961766b93e104444e0
Size

20KB
MD5

4bc8a8ad2613a0961766b93e104444e0
SHA1

18ddeda96832a7d724bd0600bc82cafd968ec0d2
SHA256

17e88440280c1be33536eb6416b1fa17c97351c736f65c82961620570591fdc4
SHA512

447e986cadae9c9084621665414f3569c7d4abba475f7ef975efcf01380d948894cd3bce3a8d17cc35c2d2ad82fada63823add9f113ea46927f9685296b93283
SSDEEP

384:P+D69s92ysE4zksmM4sIamFt3N65YSAveeCOmkNlYF8eO18N4PKRypr47HS9Wf9U:P+e9b+4zks3v6ur6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bc8a8ad2613a0961766b93e104444e0

Files

4bc8a8ad2613a0961766b93e104444e0
.sys windows:5 windows x86 arch:x86

0495d9b82252fa491d8107589194850c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IoCreateSymbolicLink
RtlFreeUnicodeString
ZwQuerySystemInformation
RtlInitUnicodeString
MmUserProbeAddress
ZwReadFile
ZwWriteFile
ZwCreateFile
ZwQueryInformationProcess
ZwPulseEvent
strncmp
IoGetCurrentProcess
_strlwr
_strupr
strrchr
IoDeleteDevice
IoDeleteSymbolicLink
ZwClose
IofCompleteRequest
_stricmp
IoCreateDevice
_except_handler3

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t2ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t1ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0495d9b82252fa491d8107589194850c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 864B - Virtual size: 864B

.data Size: 8KB - Virtual size: 8KB

.t2ata Size: 256B - Virtual size: 256B

.t1ata Size: 512B - Virtual size: 512B

.rata Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 634B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 864B - Virtual size: 864B

.data
Size: 8KB - Virtual size: 8KB

.t2ata
Size: 256B - Virtual size: 256B

.t1ata
Size: 512B - Virtual size: 512B

.rata
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 634B