7ff9893744b83e71ac3948cb9ec09c24

General

Target

7ff9893744b83e71ac3948cb9ec09c24
Size

52KB
MD5

7ff9893744b83e71ac3948cb9ec09c24
SHA1

a3ab10235288a8245edd5f5d23b31f7acdf1a392
SHA256

53a79eb5893db1ae061eda1e09737ece9687c820840c11965324d891437881c3
SHA512

862689155a17b0067af52238832ff3f1844e0a5fc526e1865116f88a1e5c6c0903683c3cb819b6620d9a36d7ec19413a662b261a12c623e9b62b280445e85b89
SSDEEP

768:ai62expT16Fed9bze1rvl4VdaHY77nD7j7WZua:562MPIoorvlW3j4u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ff9893744b83e71ac3948cb9ec09c24

Files

7ff9893744b83e71ac3948cb9ec09c24
.dll windows:4 windows x86 arch:x86

f6c19ed7a9584e9bdede8d55eb851250

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

CcPinRead
FsRtlTruncateMcb
PsEstablishWin32Callouts
FsRtlUninitializeLargeMcb
ZwDuplicateObject
ExFreePool
RtlConvertSidToUnicodeString
ZwEnumerateValueKey
strncat
_wcsupr
InbvSetScrollRegion
RtlDecompressBuffer
FsRtlUninitializeMcb
ZwDeleteValueKey
MmMapLockedPages
InbvDisplayString
FsRtlGetNextFileLock
RtlImageDirectoryEntryToData
_strnicmp
RtlLargeIntegerDivide
PsSetCreateThreadNotifyRoutine
ExAllocatePool
MmFreeContiguousMemorySpecifyCache
RtlLargeIntegerNegate
NtConnectPort
ZwQuerySystemInformation
ZwEnumerateKey
ZwConnectPort
LdrAccessResource
MmForceSectionClosed
KeInitializeInterrupt
SeSinglePrivilegeCheck
IoUnregisterFsRegistrationChange
RtlNextUnicodePrefix
Exfi386InterlockedExchangeUlong
InbvEnableDisplayString
MmSetBankedSection

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6c19ed7a9584e9bdede8d55eb851250

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 34KB - Virtual size: 34KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 34KB - Virtual size: 34KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB