7390fa5586105327f295e874152092b1

Sharing

Copy URL

Twitter E-mail

General

Target

7390fa5586105327f295e874152092b1
Size

40KB
MD5

7390fa5586105327f295e874152092b1
SHA1

0687c75ec98646bfaeae9fe97e29ccc301e0120f
SHA256

417e898c6c8121284404ac33f1755f3e7d09e57f2caca6663b5024a7b3997c15
SHA512

44c5df09e491f8db1fe2e34f18137792b1914192b0233624ff1bfb31597494d74c94323e6c325cbd8fceb22846f562e77925a3b7fece16c885ab8af7e539dc0e
SSDEEP

768:bQYFT+UXFJZW/8ZB6jDuUr6KZsBofkglZD7oZJv/paUuHA6giYOky/YC4M4jlWzG:sYcUVJPv6jaqsBDgbIJv/Ufg0/8MYWzG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7390fa5586105327f295e874152092b1

Files

7390fa5586105327f295e874152092b1
.sys windows:4 windows x86 arch:x86

8c78822f8eb75186bab91221d93f468f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
wcslen
swprintf
wcscat
wcscpy
strncpy
PsLookupProcessByProcessId
_stricmp
PsSetCreateProcessNotifyRoutine
ZwClose
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
ZwOpenKey
wcsncpy
wcsrchr
ZwSetValueKey
ZwDeleteKey
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwQueryValueKey
_except_handler3
RtlCompareUnicodeString
_wcsicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
PsCreateSystemThread
ZwCreateFile
PsGetVersion
_snwprintf
ExAllocatePoolWithTag
ExFreePool
_snprintf
ZwSetInformationFile
wcschr
MmGetSystemRoutineAddress
ZwCreateKey
KeDelayExecutionThread
KeQuerySystemTime
RtlCopyUnicodeString
IoRegisterDriverReinitialization
KeTickCount
KeQueryTimeIncrement
IofCompleteRequest
IoDeviceObjectType

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 56B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c78822f8eb75186bab91221d93f468f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 56B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 56B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB