5470440da578dbdf50d4434b56831d4c

General

Target

5470440da578dbdf50d4434b56831d4c
Size

29KB
MD5

5470440da578dbdf50d4434b56831d4c
SHA1

e4c03fac8313f68d919e1f2da8a26d781e6624b7
SHA256

77f4cddbc7ada0dbf3de8453315bc7f2e507dca00c944c9af7e2b1b1c94891aa
SHA512

c447e4e14f0d2efb3a36b2eb3991f15b57d44058083cf9f088819e559414df05f69e705de6e5598ff28995c6f114e9b308440c9f71f3ca32644775d8dd340218
SSDEEP

768:YAESoVx/v7s+XgpzEmtXQJyE83PaLMqglF5vZY:YXVx7vXgKmadaaN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5470440da578dbdf50d4434b56831d4c

Files

5470440da578dbdf50d4434b56831d4c
.sys windows:6 windows x86 arch:x86

33640dfc5983dcf219780b0d2aa74b3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

NtBuildNumber
RtlInitUnicodeString
memset
PsLookupProcessByProcessId
IofCompleteRequest
ExFreePoolWithTag
ZwClose
ZwWriteFile
ZwCreateFile
ExAllocatePool
DbgPrint
_except_handler3
memcpy
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ObReferenceObjectByHandle
ZwOpenThread
ObfReferenceObject
ObfDereferenceObject
IoFreeMdl
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
wcsncmp
ObOpenObjectByName
wcsstr
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExAllocatePoolWithTag
MmIsAddressValid
IoRegisterFsRegistrationChange
KeInitializeMutex
IoAllocateMdl

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33640dfc5983dcf219780b0d2aa74b3e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 460B

.data Size: 21KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 878B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 460B

.data
Size: 21KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 878B