800010ed4e3b445814cf7b451e25d2d6

General

Target

800010ed4e3b445814cf7b451e25d2d6
Size

4KB
MD5

800010ed4e3b445814cf7b451e25d2d6
SHA1

e5903328de3953f63e2877f477625f754ca47656
SHA256

cd6eec136666876b1ca6b5f5fee6a87b1e32e89280d69d1b857726d3ec5bcf28
SHA512

4246c06fd71715544500a53ccced9fd9b2a628005082137a0c45f09fb60e8de60798bf36987b32d28bb668a622803d8f4559a168f48a3a0f545ba4cc9b788380
SSDEEP

48:gTf06fMwmxTOAGkm6SKX/beNsp/Df/DWrz9HNVU4HzIHfM8gbJ7agwTgHoRrq3jV:IfYxTAk9blr+zlNVU45fvo1qTTxv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
800010ed4e3b445814cf7b451e25d2d6

Files

800010ed4e3b445814cf7b451e25d2d6
.sys windows:5 windows x86 arch:x86

05782c181b72a98bff0204d86d393842

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DirectDiskForWin32\KillProcess\objfre_wxp_x86\i386\pcidump.pdb

Imports

ntoskrnl.exe

DbgPrint
PsTerminateSystemThread
ExAllocatePoolWithTag
MmIsAddressValid
ObfDereferenceObject
strncmp
IoGetCurrentProcess
strncpy
MmGetSystemRoutineAddress
ObReferenceObjectByHandle
PsCreateSystemThread
PsGetCurrentProcessId
PsLookupProcessByProcessId
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
RtlInitUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
ExFreePoolWithTag
KeWaitForSingleObject
IofCompleteRequest

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05782c181b72a98bff0204d86d393842

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 256B - Virtual size: 246B

.data Size: 256B - Virtual size: 160B

INIT Size: 896B - Virtual size: 832B

.reloc Size: 384B - Virtual size: 380B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 256B - Virtual size: 246B

.data
Size: 256B - Virtual size: 160B

INIT
Size: 896B - Virtual size: 832B

.reloc
Size: 384B - Virtual size: 380B