8d6af0cd0edd84e3717f82c3a2450df1

General

Target

8d6af0cd0edd84e3717f82c3a2450df1
Size

7KB
MD5

8d6af0cd0edd84e3717f82c3a2450df1
SHA1

8519fff7f0cf4da12ba405c567bca9d895438c33
SHA256

03aa43db1c35e4f8694fbec73d3370054b9207de368c9525ebf2154664d14f75
SHA512

5c91760bc8e4074ac87fdecdbc0bb59908d2818904b50f8986a6e11044086fe04d8593ef2e23f5095ee80336651f1d16291518f1ab9947a836f860f40070ca78
SSDEEP

192:tPHn8CAe5Iy34BSMQ75zpZMcDmdoOXvz0:tfB5I6485zhm+Ob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d6af0cd0edd84e3717f82c3a2450df1

Files

8d6af0cd0edd84e3717f82c3a2450df1
.sys windows:5 windows x86 arch:x86

6882320da9bf56baeb9299e5a7942887

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
PsLookupProcessByProcessId
_except_handler3
strncpy
ExAllocatePoolWithTag
wcscmp
DbgPrint
strncmp
IoGetCurrentProcess
IofCompleteRequest
RtlFreeAnsiString
RtlCompareMemory
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
KeDetachProcess
IoCreateDevice
_stricmp
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
PsGetVersion
ExFreePool
strncat
ZwQuerySystemInformation
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwEnumerateKey
ZwCreateKey
ZwSetValueKey
IoCreateSymbolicLink
ObfDereferenceObject

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6882320da9bf56baeb9299e5a7942887

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 1014B

.reloc Size: 544B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 1014B

.reloc
Size: 544B - Virtual size: 520B