688926302366d2859378586cb7d6ec72

General

Target

688926302366d2859378586cb7d6ec72
Size

51KB
MD5

688926302366d2859378586cb7d6ec72
SHA1

da3ed67e2ed0c7d6c57b81684fc97f8067233a86
SHA256

ed9dc2c13d546215fed68a7bb673bc6b5aee43d554ce500afd286f20e9b1197a
SHA512

327fb7298c388e61afc02d78345760eb2d91e1f69e1ddf050c29242979debd7d55fdce4452d380b9441cd9f80c2badcef9ee6cf07576eb34e6f2347d0dd7766b
SSDEEP

768:kyr28IGOUzaZZKoeRNCSCPcDK709LnZKcQiT52xp2HoS/psZsWnk:b281jzaejTPJ5V2uHPcsy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
688926302366d2859378586cb7d6ec72

Files

688926302366d2859378586cb7d6ec72
.sys windows:4 windows x86 arch:x86

8d9af4c6341ad273c31fe1fd05f7f09d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
ZwQueryValueKey
_except_handler3
wcsncmp
wcslen
towlower
_strnicmp
ZwCreateFile
IoRegisterDriverReinitialization
wcsstr
MmGetSystemRoutineAddress
PsCreateSystemThread
RtlCopyUnicodeString
ZwSetValueKey
ZwDeleteValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
PsGetVersion
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
strncmp
strncpy
IofCompleteRequest

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d9af4c6341ad273c31fe1fd05f7f09d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 256B - Virtual size: 256B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 256B - Virtual size: 256B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB