747d62437a3f515e80055edf49181ca8

Sharing

Copy URL Twitter E-mail

General

Target

747d62437a3f515e80055edf49181ca8
Size

40KB
MD5

747d62437a3f515e80055edf49181ca8
SHA1

3c2c19b298174d2e8e0f2513d78dfd5a1aab548d
SHA256

09af7573500aa0eb24234a5c8fe409e77ea82f50cf450122cad26137ad0f3e30
SHA512

507ed15c35e32727f35c3212c99549975c454756c0c41413c0f14a83eb9ad369eff0c71ddd3cfe1754de363b15a319d48211fdc32c849fd94dd31cae2a73dd84
SSDEEP

768:FHvfoQoi5L5EF1W59SEsFiJ4cifMXnPxI6EQgKoCg:FHvfJL5f5wvF5EnYQgA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
747d62437a3f515e80055edf49181ca8

Files

747d62437a3f515e80055edf49181ca8
.sys windows:4 windows x86 arch:x86

5213d7a1fdb3cb05e6a3e95aea0e7738

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
swprintf
wcscat
wcscpy
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwClose
PsCreateSystemThread
ZwOpenKey
RtlCopyUnicodeString
strncpy
PsLookupProcessByProcessId
_stricmp
RtlAnsiStringToUnicodeString
wcsstr
_wcslwr
_snwprintf
wcsncpy
wcschr
ObfDereferenceObject
ZwQueryValueKey
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeQuerySystemTime
ZwSetInformationFile
ZwCreateFile
PsGetVersion
MmGetSystemRoutineAddress
ZwCreateKey
wcsrchr
MmIsAddressValid
IoGetCurrentProcess
KeDelayExecutionThread
ZwSetValueKey
ObReferenceObjectByHandle
_wcsnicmp
ZwDeleteKey
IoRegisterDriverReinitialization
IoDeviceObjectType
IofCompleteRequest
_except_handler3
strncmp
KeTickCount
KeQueryTimeIncrement
_wcsicmp

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5213d7a1fdb3cb05e6a3e95aea0e7738

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 64B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 64B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB