74f5b180cb11daa0213b1b1a69d9274c

General

Target

74f5b180cb11daa0213b1b1a69d9274c
Size

12KB
MD5

74f5b180cb11daa0213b1b1a69d9274c
SHA1

038fced9e5eb432bebeecb45e0c02280f6982286
SHA256

0d083b5aa0775d1f24c108165209e12abb8514d3428bcd4ca719c310a1f74cc8
SHA512

cc61a13309d18fa641340ab51fa7f1a99a8044a6ca6edeccb344648b8d4bd8be1327992c57ed7bdeb16fa69e88dd5352c840fc37f890d73facdecd2b78a38c8c
SSDEEP

192:5AYaKFgcYTU+xRALJcHoW3F4+YBWZ8NWZ4f:UK53LJcIW3iBWZ8NWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74f5b180cb11daa0213b1b1a69d9274c

Files

74f5b180cb11daa0213b1b1a69d9274c
.sys windows:5 windows x86 arch:x86

e493ae827540bb9fecfa072c44805a22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateFile
ZwClose
ZwQueryValueKey
ZwSetValueKey
ZwCreateKey
KeServiceDescriptorTable
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlCompareMemory
IofCompleteRequest
IoRegisterDriverReinitialization
RtlFreeAnsiString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
swprintf
IoCreateSymbolicLink
IoCreateDevice
wcscat
_strlwr
RtlUnicodeStringToAnsiString
wcsrchr
_wcslwr
ZwEnumerateKey
ZwOpenKey
IoGetCurrentProcess
PsTerminateSystemThread
ExFreePoolWithTag
RtlFreeUnicodeString
RtlInitAnsiString
KeDelayExecutionThread
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
PsCreateSystemThread
sprintf
ExAllocatePoolWithTag
_stricmp
strncpy
PsLookupProcessByProcessId
_except_handler3

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e493ae827540bb9fecfa072c44805a22

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 289B

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 388B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 289B

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 388B