7a7e89ebd002ccfbfcd9b71fe7287608

Sharing

Copy URL

Twitter E-mail

General

Target

7a7e89ebd002ccfbfcd9b71fe7287608
Size

183KB
MD5

7a7e89ebd002ccfbfcd9b71fe7287608
SHA1

30923a83ce05c6f7f91f5834edfd3c4c6bfe409a
SHA256

b37fcd48cd6cabb8edde3a7c8daa76c9628bd75d05dd7abf83620a579fb97a8c
SHA512

b6d269cb432d7f20aafce66551eb3142c9e0ea7ecaff575c8a2c54ddb6ff7f5d74e540318310719f3d216728a254ae9741b9e1f2ecc85563ac18a057afa5f0f4
SSDEEP

3072:0/fCj2oKg+yV4YtT/Bl5hKT7uVW0egfexWlyK4yOTFO+HLJJedbVTQiJTfZl:XCoKg+c4Ytdl5qy4gACyZTFOELDqTJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a7e89ebd002ccfbfcd9b71fe7287608

Files

7a7e89ebd002ccfbfcd9b71fe7287608
.dll windows:5 windows x86 arch:x86

d2008a9094767f057c74ed930da14b86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\iiiXAezpk\ethHjxwiyzHbdu\syImjxjyhfk\mKqzuntGxYHfr.pdb

Imports

ntoskrnl.exe

IoAllocateErrorLogEntry
CcMdlWriteComplete
IoGetDeviceObjectPointer
IoStopTimer
ZwPowerInformation
MmAllocatePagesForMdl
SeAccessCheck
ExReleaseResourceLite
CcUninitializeCacheMap
PsChargeProcessPoolQuota
KeFlushQueuedDpcs
RtlFreeAnsiString
MmAllocateMappingAddress
ExLocalTimeToSystemTime
RtlTimeToSecondsSince1970
IoFreeWorkItem
CcSetBcbOwnerPointer
CcSetReadAheadGranularity
KeInsertQueue
RtlClearAllBits
RtlEqualUnicodeString
KeGetCurrentThread
KeRemoveDeviceQueue
IoGetDeviceToVerify
KePulseEvent
IofCallDriver
RtlAreBitsClear
RtlQueryRegistryValues
IoQueryFileDosDeviceName
RtlxOemStringToUnicodeSize
IoBuildPartialMdl
RtlFindClearBits
IoGetAttachedDevice
RtlVerifyVersionInfo
FsRtlCheckOplock
IoStartTimer
SeCaptureSubjectContext
SeCreateClientSecurity
RtlGetCallersAddress
ZwCreateFile
ObQueryNameString
RtlFreeOemString
KdDisableDebugger
RtlEqualString
RtlCopySid
MmResetDriverPaging
DbgPrompt
KeDetachProcess
KeInsertQueueDpc
RtlGenerate8dot3Name
FsRtlIsFatDbcsLegal
ZwOpenFile
MmAddVerifierThunks
RtlNtStatusToDosError
IoFreeErrorLogEntry
ExRegisterCallback
IoGetBootDiskInformation
RtlGetVersion
RtlSetDaclSecurityDescriptor
ZwOpenSymbolicLinkObject
IoEnumerateDeviceObjectList
KeReadStateEvent
ZwQueryVolumeInformationFile
MmAdvanceMdl
SeTokenIsRestricted
RtlCompareMemory
ZwCreateSection
RtlSecondsSince1980ToTime
ZwReadFile
RtlUpcaseUnicodeString
IoAcquireVpbSpinLock
IoReuseIrp
MmUnmapIoSpace
IoCreateDisk
FsRtlFastCheckLockForRead
KeInitializeSemaphore
IoGetRequestorProcess
KeInitializeDeviceQueue
MmSetAddressRangeModified
RtlUpperString
RtlValidSid
SeDeassignSecurity
RtlFindUnicodePrefix
FsRtlFreeFileLock
IoReportResourceForDetection
PsReturnPoolQuota
MmUnmapReservedMapping
PoRequestPowerIrp
KeRegisterBugCheckCallback
IoReadPartitionTable
IoWMIWriteEvent
PoUnregisterSystemState
IoGetDriverObjectExtension
RtlFindLastBackwardRunClear
KeQueryTimeIncrement
MmMapLockedPages
RtlUnicodeToOemN
KeInitializeSpinLock
KeReadStateSemaphore
KeSetPriorityThread
IoCsqRemoveIrp
IoSetPartitionInformationEx
SeDeleteObjectAuditAlarm
CcZeroData
CcFastCopyRead
IoSetStartIoAttributes
KeInsertHeadQueue
FsRtlLookupLastLargeMcbEntry
ExGetExclusiveWaiterCount
MmUnmapLockedPages
RtlGetNextRange
RtlxAnsiStringToUnicodeSize
ObMakeTemporaryObject
ZwFlushKey
RtlFindClearRuns
IoRemoveShareAccess
IoIsWdmVersionAvailable
FsRtlCheckLockForWriteAccess
ExRaiseAccessViolation
PsSetLoadImageNotifyRoutine
ZwCreateEvent
IoOpenDeviceRegistryKey
IoReadDiskSignature
IoDisconnectInterrupt
IoGetTopLevelIrp
ExUuidCreate
IoGetCurrentProcess
CcUnpinDataForThread
ExRaiseDatatypeMisalignment
RtlFindLeastSignificantBit
RtlGUIDFromString
RtlNumberOfClearBits
RtlInitString
CcRepinBcb
KeLeaveCriticalRegion
PsGetCurrentThread
IoDeleteController
MmPageEntireDriver
KeRevertToUserAffinityThread
CcMapData
MmProbeAndLockProcessPages
RtlSetAllBits
RtlAddAccessAllowedAceEx
KeQueryActiveProcessors
CcFastCopyWrite
MmMapUserAddressesToPage
KeRemoveQueueDpc
KeReadStateMutex
IoInitializeIrp
DbgBreakPointWithStatus
ObfDereferenceObject
IoInitializeRemoveLockEx
PsIsThreadTerminating
IoWritePartitionTableEx
RtlAppendStringToString
RtlUnicodeStringToAnsiString
ZwCreateKey
CcPurgeCacheSection
MmSizeOfMdl
CcIsThereDirtyData
ExInitializeResourceLite
ExGetSharedWaiterCount
RtlUnicodeStringToInteger
IoReleaseRemoveLockAndWaitEx
IoFreeMdl
KeReleaseMutex
SeSinglePrivilegeCheck
IoFreeController
RtlUnicodeStringToOemString
FsRtlCheckLockForReadAccess
ExAllocatePoolWithQuotaTag
KeInitializeDpc
SeAppendPrivileges
CcSetDirtyPinnedData
RtlRemoveUnicodePrefix
KeInitializeQueue
ZwEnumerateKey
KeInitializeMutex
RtlInitializeBitMap
IoThreadToProcess
MmMapLockedPagesSpecifyCache
IoAcquireRemoveLockEx
PsGetProcessExitTime
IoGetDeviceProperty
FsRtlIsTotalDeviceFailure
IoVerifyPartitionTable
IoInvalidateDeviceRelations
KeEnterCriticalRegion
MmUnlockPages
IoReleaseCancelSpinLock
IoWriteErrorLogEntry
ExSetResourceOwnerPointer
RtlFillMemoryUlong
KeRemoveQueue
KeSetImportanceDpc
IoGetDiskDeviceObject
IoWMIRegistrationControl
RtlSubAuthoritySid
IoInitializeTimer
KeSetTimerEx
IoStartNextPacket
MmFreeMappingAddress
ExIsProcessorFeaturePresent
ZwSetValueKey
IoQueueWorkItem
ExAcquireResourceSharedLite
IoAllocateController
ExDeleteNPagedLookasideList
IoCreateSynchronizationEvent
RtlCopyLuid
IoIsOperationSynchronous
RtlInitUnicodeString
RtlDeleteNoSplay
IoReportDetectedDevice
ZwClose
IoSetThreadHardErrorMode
RtlDeleteElementGenericTable
ProbeForRead
ZwAllocateVirtualMemory
WmiQueryTraceInformation
ExAllocatePool
CcCanIWrite
SeOpenObjectAuditAlarm
IoAllocateMdl
ExAllocatePoolWithTag
RtlCreateUnicodeString
KeQuerySystemTime
RtlHashUnicodeString
RtlExtendedIntegerMultiply
RtlDeleteRegistryValue
ZwDeviceIoControlFile
KeWaitForMultipleObjects
CcMdlRead
FsRtlFastUnlockSingle
KdEnableDebugger
KeResetEvent
RtlFindClearBitsAndSet
CcFastMdlReadWait
RtlInitializeUnicodePrefix
RtlDowncaseUnicodeString
KeInsertDeviceQueue
IoGetDmaAdapter
RtlAnsiStringToUnicodeString
RtlIntegerToUnicodeString
IoRaiseHardError
KeInsertByKeyDeviceQueue
PsGetProcessId
MmFreeContiguousMemory
IoCreateDevice
ExFreePoolWithTag
KeClearEvent
KeSetTargetProcessorDpc
RtlRandom
IoDetachDevice
KefAcquireSpinLockAtDpcLevel
RtlIsNameLegalDOS8Dot3

Exports

Exports

?IsListItemEx@@YGJJPAGPAM<V
?FormatCommandLineEx@@YGPAJHK<V
?ValidateMediaTypeExA@@YGFPAJ<V
?RemoveMonitorExW@@YGPAXMMPAJJ<V
?IsTimeA@@YGMIJN<V
?ModifyTimer@@YGPAXID<V
?FreeVersionOriginal@@YGPAEJJPAE<V
?ModifyArgumentExA@@YG_NJPAEPADI<V
?PutPathExA@@YGEF<V
?DeleteDateTimeExA@@YGNMPAHIF<V
?PutStateEx@@YGXPAMF<V
?SetScreenEx@@YGPADPAHPAM_N_N<V
?SetExpression@@YGJNE<V
?HideHeight@@YGPAJGIFH<V
?OnSize@@YGXHPAKJM<V
?CallFullNameOld@@YGNGPAKJ<V
?EnumKeyNameExW@@YGPAMPAD<V
?HideArgumentW@@YGDPAENPAJ<V

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2008a9094767f057c74ed930da14b86

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 35KB - Virtual size: 74KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 668B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 35KB - Virtual size: 74KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 668B