7f6d7f0934cb8ec4064db6b93149ac17

General

Target

7f6d7f0934cb8ec4064db6b93149ac17
Size

5KB
MD5

7f6d7f0934cb8ec4064db6b93149ac17
SHA1

d97cb9bca44f8c2688ac3a3a661f24343fb599e6
SHA256

290b872f7dbbfaca6142db1b9611ff60d05f3a629603852b1bb8de978dd9d8e5
SHA512

b94f24de218d2d247eeceddf2ed6267749d955c235a8c2eb5098263c48bcf9e84ac4eac383d072d21452b34c1265f5aba04fd228d0a5d46b6f0d889dd4da70c3
SSDEEP

96:WIzAN73Bk1wNSH20gJtbDQjljm8Urlk2iw/g8amZO99T0:WI4y1h2TDIJy5kU/g8xZ49Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f6d7f0934cb8ec4064db6b93149ac17

Files

7f6d7f0934cb8ec4064db6b93149ac17
.sys windows:4 windows x86 arch:x86

76f8c133bf4b034315e475a431596a48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InbvAcquireDisplayOwnership
IoCheckEaBufferValidity
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoGetDeviceObjectPointer
IoRegisterDriverReinitialization
IoRegisterFileSystem
IoStopTimer
ObCreateObject
ObDereferenceObject
ObFindHandleForObject
ObReferenceObjectByHandle
ObReferenceObjectByName
ObSetSecurityDescriptorInfo
PfxFindPrefix
PoSetSystemState
PsEstablishWin32Callouts
PsTerminateSystemThread
SeLockSubjectContext
ZwAccessCheckAndAuditAlarm
ZwClose
ZwOpenDirectoryObject
MmUserProbeAddress
KeServiceDescriptorTable
IoDriverObjectType
DbgPrint
Exfi386InterlockedDecrementLong
Exfi386InterlockedExchangeUlong
Exfi386InterlockedIncrementLong
InterlockedCompareExchange
InterlockedExchangeAdd
InterlockedIncrement
IofCompleteRequest

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 751B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 192B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76f8c133bf4b034315e475a431596a48

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 768B - Virtual size: 751B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 192B - Virtual size: 188B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 768B - Virtual size: 751B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 192B - Virtual size: 188B