55554c4b0ebeb8bd8fe923efee87cbd3

Sharing

Copy URL Twitter E-mail

General

Target

55554c4b0ebeb8bd8fe923efee87cbd3
Size

45KB
MD5

55554c4b0ebeb8bd8fe923efee87cbd3
SHA1

f0d98de41371599b661d887172f3092d3f08aa20
SHA256

e4bf37ede87af37d1c5084d8ab0090ced148d7acd2ed04d9a7c792477cf665ce
SHA512

92be048f7049d0dc6dc39a356f5325d21e43b73c0cae747dc394c3b33192985d0b0866863a1aa87bf570e2c94be3e0c4466b5fc75c892b40bdba48ca6a2e1708
SSDEEP

768:OWZpjPSiKky0GyCvXoNOwDOKt9vaZHXVnJfx51hcpYtz8CX3ETI2SdpabLsO:OOpj1iZnwDHjknJfRhPNEEBws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55554c4b0ebeb8bd8fe923efee87cbd3

Files

55554c4b0ebeb8bd8fe923efee87cbd3
.sys windows:4 windows x86 arch:x86

1423615f55c4440409454a02c88532a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
memmove
ExInitializeResourceLite
ExAcquireResourceSharedLite
KeCancelTimer
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
_purecall
KeInitializeDpc
KeSetTimer
ExDeleteResourceLite
ExRaiseStatus
KeInitializeTimer
MmUnlockPages
IoFreeMdl
ObfDereferenceObject
IoBuildDeviceIoControlRequest
ZwCreateFile
IoAllocateMdl
ZwClose
IofCallDriver
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
MmProbeAndLockPages
KeInitializeEvent
IoAllocateIrp
IoCreateDevice
KeDelayExecutionThread
KeQuerySystemTime
ZwEnumerateKey
IofCompleteRequest
IoDeleteDevice
ZwOpenKey
MmGetSystemRoutineAddress
PsGetVersion
ZwSetValueKey
RtlCopyUnicodeString
RtlUnicodeStringToInteger
ExUuidCreate
strchr
isxdigit
sprintf
isdigit
KeSetEvent
ZwWriteFile
PsTerminateSystemThread
PsThreadType
KeWaitForMultipleObjects
PsCreateSystemThread
rand
KeSetTimerEx
RtlUpperString
strstr
ExSystemTimeToLocalTime
RtlTimeToTimeFields
atoi
ExFreePoolWithTag
ZwQueryValueKey
srand
DbgPrint
_except_handler3
memcpy
_alldiv
memset
_allmul

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1423615f55c4440409454a02c88532a9

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 216B

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 216B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 2KB - Virtual size: 1KB