5bc1691392db32c0e4bcc1db2d70f7bc

Sharing

Copy URL Twitter E-mail

General

Target

5bc1691392db32c0e4bcc1db2d70f7bc
Size

126KB
MD5

5bc1691392db32c0e4bcc1db2d70f7bc
SHA1

7c657ac8ad03e51a435511fa709b4f815d827318
SHA256

a9cdb0f1fb00b2a3f9a1cfc82e40893a76de55a70defd622992445521c810d3c
SHA512

f45a43ac8ec58879cd68f9f1cf719cca03d35be0083f9d6b8127f00efd79f7c9cf18d06f38900984d70d2590f51d81ef3c702018c9c9c46af4ce324ddf3b7774
SSDEEP

3072:J3c+YKtw62NAk0JyHeUfTFgecgbG+lY4NUUo8dTWJ:J3ctKp2ND+UfhgecmG2bnTW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bc1691392db32c0e4bcc1db2d70f7bc

Files

5bc1691392db32c0e4bcc1db2d70f7bc
.sys windows:5 windows x86 arch:x86

0b924c4781d9b1e25b4be9b484abdd75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
IoDeleteDevice
KeSetEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
sprintf
IoCreateDevice
RtlFreeUnicodeString
PsCreateSystemThread
KeInitializeSpinLock
KeQuerySystemTime
strncpy
strncmp
MmIsAddressValid
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
KeInitializeEvent
KeDelayExecutionThread
ZwWriteFile
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwQuerySystemInformation
ZwClose
ExAllocatePool
ExFreePool
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwOpenDirectoryObject
ZwQueryValueKey
isdigit
ZwQueryDirectoryObject
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
PsTerminateSystemThread
KeTickCount
ZwFlushKey
ZwDeleteKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
ExSystemTimeToLocalTime
toupper
isspace
RtlAnsiStringToUnicodeString
tolower
RtlImageDirectoryEntryToData
strstr
memcpy
memset
_except_handler3
_allmul
_alldiv
_allrem

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

n8@w2,`c
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8Mh*,."
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

M(t;H"80
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

&i5A0Sp&
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

h;vh0[J^
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

O' WqEQF
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

Ze/0G#yw
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

s`0mG\ %
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b924c4781d9b1e25b4be9b484abdd75

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

n8@w2,`c Size: - Virtual size: 134KB

8Mh*,." Size: - Virtual size: 18KB

M(t;H"80 Size: - Virtual size: 25KB

&i5A0Sp& Size: - Virtual size: 1KB

h;vh0[J^ Size: - Virtual size: 8KB

O' WqEQF Size: - Virtual size: 10KB

Ze/0G#yw Size: 124KB - Virtual size: 124KB

s`0mG\ % Size: 512B - Virtual size: 92B

n8@w2,`c
Size: - Virtual size: 134KB

8Mh*,."
Size: - Virtual size: 18KB

M(t;H"80
Size: - Virtual size: 25KB

&i5A0Sp&
Size: - Virtual size: 1KB

h;vh0[J^
Size: - Virtual size: 8KB

O' WqEQF
Size: - Virtual size: 10KB

Ze/0G#yw
Size: 124KB - Virtual size: 124KB

s`0mG\ %
Size: 512B - Virtual size: 92B