50e2dfc464671f0e9e10c4b93ead07f1

General

Target

50e2dfc464671f0e9e10c4b93ead07f1
Size

9KB
MD5

50e2dfc464671f0e9e10c4b93ead07f1
SHA1

bb62e13803f14329aefbae64820170d17c8b0a31
SHA256

e0cd60f2a7c509143173b6b32b5365f9efd0439b47273fab0338e61d5d010dfc
SHA512

32a7acc6d297654a2b0b11d780479efbb3765d9ee105924b16ee9db39b46277a8fe8c604edc8eac7897fc28a7f09a1d1748e5b6785e860558f9d758a9bab47c7
SSDEEP

192:YsBleguNMQQQGLyj7f0TxHUA+B4/Qpr7OxRg1NboxGX:NBYTMjBLo7E1Up44NsRo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50e2dfc464671f0e9e10c4b93ead07f1

Files

50e2dfc464671f0e9e10c4b93ead07f1
.sys windows:5 windows x86 arch:x86

1dc601ac6385d36293846ce12c56f6a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwDeviceIoControlFile
ZwQueryDirectoryFile
strncmp
IoGetCurrentProcess
DbgPrint
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_stricmp
ZwClose
ZwUnmapViewOfSection
wcscmp
_except_handler3
PsGetVersion
ObfDereferenceObject
wcsstr
ProbeForRead
ZwQuerySystemInformation
MmIsAddressValid
KeAttachProcess
PsLookupProcessByProcessId
ZwEnumerateKey
ZwCreateKey
ZwSetValueKey
strncpy
IoDeleteSymbolicLink
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlCompareMemory
RtlUnicodeStringToAnsiString
IofCompleteRequest
ExAllocatePoolWithTag
strncat
KeDetachProcess
ExFreePool

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 448B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dc601ac6385d36293846ce12c56f6a5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 352B - Virtual size: 340B

.data Size: 448B - Virtual size: 448B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 672B - Virtual size: 646B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 352B - Virtual size: 340B

.data
Size: 448B - Virtual size: 448B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 672B - Virtual size: 646B