8be35b2ad444bf7949eb276929b29768

Sharing

Copy URL Twitter E-mail

General

Target

8be35b2ad444bf7949eb276929b29768
Size

57KB
MD5

8be35b2ad444bf7949eb276929b29768
SHA1

b33c585006d69611df1d2e2282fd1ae8f285c940
SHA256

fb6d201f7a7be72992e35a18046195495ae9aafa4a3210c80d4f0bb897895576
SHA512

344a9412c1351730520d1cafa1962c009d136ec3e1d91ea4df58e9af4421f140bf7e80cda5755b5f7d16844034912ebab402fae962f86f3ec9b0f51f59bec295
SSDEEP

768:BCSwaYD9todUDn1pc+gRCeWrQKTETvuF0zLCWhEK2HKSPiFhV3T:ESwj3odK1++gRhWEKwGanoq+ijBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8be35b2ad444bf7949eb276929b29768

Files

8be35b2ad444bf7949eb276929b29768
.dll windows:4 windows x86 arch:x86

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strlen
strchr
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObReferenceObjectByHandle
PsCreateSystemThread
NtBuildNumber
InterlockedCompareExchange
KeSetEvent
_stricmp
ZwQuerySystemInformation
IofCompleteRequest
InterlockedIncrement
RtlUnicodeStringToInteger
ObfDereferenceObject
InterlockedDecrement
RtlFreeUnicodeString
PsTerminateSystemThread
KeWaitForSingleObject
swprintf
strstr
strncmp
sprintf
memmove
KeInitializeEvent
atol
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwCreateEvent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseMutex
KeReleaseSemaphore
_except_handler3
KeReadStateSemaphore
KeSetPriorityThread
KeGetCurrentThread
KeInitializeMutex
KeInitializeSpinLock
ZwQueryVolumeInformationFile
ZwQueryInformationProcess
memset
ZwEnumerateKey
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwOpenKey
KeServiceDescriptorTable
ZwQueryValueKey
ZwSetValueKey
ZwCreateFile
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
ZwClose
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
RtlCompareUnicodeString
ExFreePool
RtlCompareMemory
ExAllocatePoolWithTag
memcpy
atoi
KeQuerySystemTime

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreePacketPool
NdisFreeSpinLock
NdisDprAllocatePacket
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMSleep
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreeBufferPool
NdisQueryBuffer
NdisFreeBuffer
NdisAllocatePacket
NdisAllocateBuffer
NdisFreePacket
NdisAllocateSpinLock
NdisDprAcquireSpinLock
NdisDprReleaseSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisCloseAdapter
NdisGetFirstBufferFromPacket
NdisOpenAdapter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 38KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 680B

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 680B

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB