5a4b0c26623a1da298fada6b41f7f74f

Sharing

Copy URL Twitter E-mail

General

Target

5a4b0c26623a1da298fada6b41f7f74f
Size

38KB
MD5

5a4b0c26623a1da298fada6b41f7f74f
SHA1

7357fdfd82b587af157bb9fc2a427f9c3eb8d850
SHA256

786dde5a5cb240773045762f22c805a63744393dc741672afd172c0d7c45d21a
SHA512

136ee5aeae530a3ad39e76a5724ff94c7cd54b6954917f56002f5a97e834121798b235dd1816f7763a0638a3100dfbc14f0b7cab8ec0a719664507a512f9505c
SSDEEP

192:X0TvQGvRrYPgNGC/6o6ZIzXbGI0WwYp7UDRA4yOTp2hyIOgdLrGdAGV418:iQGvRk4m3ITyvWr7MA49irxHGiGVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a4b0c26623a1da298fada6b41f7f74f

Files

5a4b0c26623a1da298fada6b41f7f74f
.sys windows:5 windows x86 arch:x86

615f951f976673c434bc2e38e971762f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
strncpy
ZwDeleteKey
ZwEnumerateKey
ZwOpenKey
IoGetRelatedDeviceObject
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
swprintf
KeWaitForSingleObject
KeInsertQueueApc
KeInitializeApc
KeClearEvent
ObfDereferenceObject
PsLookupThreadByThreadId
IoFreeMdl
KeDetachProcess
MmMapLockedPages
KeAttachProcess
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
wcstombs
KeInitializeMutex
NtSetInformationProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
KeReleaseMutex
IofCompleteRequest
ProbeForRead
_strnicmp
PsSetCreateProcessNotifyRoutine
KeInitializeEvent
KeInitializeSpinLock
ExInitializeNPagedLookasideList
KeSetEvent
KeServiceDescriptorTable
MmProbeAndLockPages
ObfReferenceObject
SeDeleteAccessState
RtlCopyUnicodeString
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
KeGetCurrentThread
ObCreateObject
IoFileObjectType
IoFreeIrp
IoAllocateIrp
ZwOpenFile
wcslen
IoReuseIrp
IoGetDeviceObjectPointer
ProbeForWrite
_except_handler3
_wcsnicmp
ZwQuerySystemInformation
_stricmp
ExFreePoolWithTag
wcscpy
PsGetCurrentProcessId
wcsncpy
_wcslwr
wcsstr
ExAllocatePoolWithTag
PsCreateSystemThread
ZwClose
KeDelayExecutionThread
RtlInitUnicodeString
ZwCreateEvent
wcschr
PsTerminateSystemThread

hal

ExReleaseFastMutex
ExAcquireFastMutex

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 493B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

615f951f976673c434bc2e38e971762f

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 493B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 493B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB