58e4a60104ed416db9e90d7eb41146d8

General

Target

58e4a60104ed416db9e90d7eb41146d8
Size

18KB
MD5

58e4a60104ed416db9e90d7eb41146d8
SHA1

3fc0b508a588b95bd654cf45341b597038412374
SHA256

026e09e7dc59c68fc8d0f586aa3e89ca3ed3714e414fbdcca50c9c9534befd24
SHA512

6327fda90aedcf8baf25452ae7103dd4c1187d6fc5f49514a2e0c15b5eb0f4eb330a981dc0221c694994af2feca8d9c63114f2910a880f457c6b8b185dcfc61c
SSDEEP

192:eUPf9ssk/DgD82ON9bL4od/Ge6fTh67/Ff2Cleuznp6Qb3c8ogDnp2sswVXx1:3fSrgD+N9QoGeo9AM+euwQ48hN2oh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58e4a60104ed416db9e90d7eb41146d8

Files

58e4a60104ed416db9e90d7eb41146d8
.sys windows:5 windows x86 arch:x86

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
_strupr
ExFreePoolWithTag
ExAllocatePoolWithTag
wcscpy
wcscmp
wcslen
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
IofCompleteRequest
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
swprintf
strchr
wcsncmp
RtlAssert

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 968B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 896B - Virtual size: 820B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 968B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 896B - Virtual size: 820B