88962dce302e2d2bac4a955eb6f6ba5d

General

Target

88962dce302e2d2bac4a955eb6f6ba5d
Size

81KB
MD5

88962dce302e2d2bac4a955eb6f6ba5d
SHA1

3f484d9ecdf7181869b2944e73834bbc04442194
SHA256

c23b830b477c666910f1c9d7799e53d2033955bc717e231a37331a9bc5b71521
SHA512

c9a52780bd412e4d2afd8ff4d809e7cc4ee6c73f870f6229217695a86288bbdab0617a23db6a25e1978a79b00bae8ae25fda558d3e9e5a9814e61b7117e0bf7f
SSDEEP

1536:bxgwpsMKTp2MycT9tjV/dQZazX2iefRwv45gwbEREXjt:bmwpsMKddn+Zc0wQ5toRAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88962dce302e2d2bac4a955eb6f6ba5d

Files

88962dce302e2d2bac4a955eb6f6ba5d
.dll windows:5 windows x86 arch:x86

458036cdbebd936fd6aad9c1849b5bc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\vACNhvEOYDr\sbofjTcJKYut\ggvfeGdmZBFku.pdb

Imports

ntoskrnl.exe

FsRtlNotifyUninitializeSync
RtlEqualString
RtlEqualUnicodeString
_wcsupr
RtlSubAuthoritySid
ZwOpenSection
RtlInitString
ExDeleteNPagedLookasideList
KeRundownQueue
ZwFreeVirtualMemory
RtlFindLongestRunClear
IoDisconnectInterrupt
FsRtlSplitLargeMcb
FsRtlCheckLockForWriteAccess
MmIsAddressValid
RtlInitUnicodeString
MmAllocateContiguousMemory
RtlHashUnicodeString
RtlDeleteRegistryValue
KeRemoveByKeyDeviceQueue
RtlCompareString
PsGetVersion
CcIsThereDirtyData
RtlFindClearBits

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.file
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.type
Size: 1024B - Virtual size: 747B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

458036cdbebd936fd6aad9c1849b5bc1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.file Size: 512B - Virtual size: 320B

.data Size: 5KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 10KB

.type Size: 1024B - Virtual size: 747B

.rsrc Size: 15KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 732B

.text
Size: 15KB - Virtual size: 15KB

.file
Size: 512B - Virtual size: 320B

.data
Size: 5KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 10KB

.type
Size: 1024B - Virtual size: 747B

.rsrc
Size: 15KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 732B