5bcf04ae8d36cb77dd19a67d323765f2

General

Target

5bcf04ae8d36cb77dd19a67d323765f2
Size

123KB
MD5

5bcf04ae8d36cb77dd19a67d323765f2
SHA1

4847425587b39e49cf4de2c0ed9ef4d633f8c528
SHA256

18059a1eb00a12c8ad548aa495e96a9a773ffa46bb6656f82b8b44149b247c9a
SHA512

7f033f53d33206297bb5adecf3bfc6148c957b64d01a880d1247297598513c25565147e02db55ac726c3328b7e757a90837f6518576e5a79716e30f4e960ae87
SSDEEP

3072:2YHti4uko5FbHaHjl0Fb+JF6oKP6VxVLfI:2WVuT5RaDl0FCLRa0/LfI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bcf04ae8d36cb77dd19a67d323765f2

Files

5bcf04ae8d36cb77dd19a67d323765f2
.sys windows:5 windows x86 arch:x86

379ecc6463d0c1174c81b4c726f4bfad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

hal

HalGetBusData
IoFreeAdapterChannel
READ_PORT_BUFFER_ULONG
KeAcquireSpinLock
KeRaiseIrqlToDpcLevel
HalClearSoftwareInterrupt
HalStartProfileInterrupt
HalMakeBeep
IoReadPartitionTable
WRITE_PORT_USHORT
HalSetProfileInterval
HalGetEnvironmentVariable

ntoskrnl.exe

RtlMapGenericMask
RtlIpv6AddressToStringW
ExAllocatePool
KeWaitForSingleObject
IoCheckQuotaBufferValidity
IoUnregisterFileSystem
IoAdapterObjectType
IoReleaseRemoveLockAndWaitEx
FsRtlBalanceReads
IoGetFileObjectGenericMapping
FsRtlAllocatePool
CcUnpinData
ExInterlockedPushEntrySList
WRITE_REGISTER_BUFFER_UCHAR
DbgPrint
CcSetAdditionalCacheAttributes
ZwUnloadDriver
PoCallDriver
RtlFreeOemString
CcSetLogHandleForFile
IoAllocateAdapterChannel
NlsOemCodePage
FsRtlDeregisterUncProvider
IoDeleteDevice
CcFlushCache
NtSetSecurityObject
CcRemapBcb
RtlUpcaseUnicodeStringToOemString
IoWMISuggestInstanceName
FsRtlLegalAnsiCharacterArray
CcGetFileObjectFromBcb
IoCheckShareAccess

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

379ecc6463d0c1174c81b4c726f4bfad

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 65KB - Virtual size: 64KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 24B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 65KB - Virtual size: 64KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 24B