5b79c63c9e5fbf522a15189b258002c5

Sharing

Copy URL Twitter E-mail

General

Target

5b79c63c9e5fbf522a15189b258002c5
Size

10KB
MD5

5b79c63c9e5fbf522a15189b258002c5
SHA1

345d65e492bc80715673af498f3d6f45962743ff
SHA256

5bc1618a4ee9edf5c0abb42696d6a62dcb9e79d9107aa8d910ee5c3aa5f2894b
SHA512

9e7082b620bc5bac0d2862ce22e82ac8dd0d4155b9e2a028f9dfd7b571e8002b29ec0abf84a48cb1f43cc6ef02262963d6a4b5401a47ca69ed1111f1c22a75ee
SSDEEP

192:FVeU8kRU232O+6d/8/durQtV73KEv7Pd7jMViyfM:6kD3276e1vV7Dv7PdHMViMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b79c63c9e5fbf522a15189b258002c5

Files

5b79c63c9e5fbf522a15189b258002c5
.sys windows:5 windows x86 arch:x86

742fa11856f289695b59fe2eca89ca8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExQueueWorkItem
IoFreeIrp
IoDeleteDevice
KeInitializeEvent
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeSetEvent
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
RtlCompareUnicodeString
ZwClose
IoGetRelatedDeviceObject
IoCancelIrp
KeQueryInterruptTime
ZwCreateFile
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
ExFreePool
ObfDereferenceObject
IoAllocateIrp
ObfReferenceObject
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoGetDeviceInterfaces
IoRegisterPlugPlayNotification
KeTickCount
KeBugCheckEx
IoFileObjectType
IofCallDriver
IofCompleteRequest
ObReferenceObjectByHandle

hal

ExAcquireFastMutex
ExReleaseFastMutex

battc.sys

BatteryClassStatusNotify
BatteryClassIoctl
BatteryClassInitializeDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 273B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

742fa11856f289695b59fe2eca89ca8b

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

battc.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 273B

.data Size: 128B - Virtual size: 16B

PAGE Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 386B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 273B

.data
Size: 128B - Virtual size: 16B

PAGE
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 386B