8cef7288682c0dc5f6a3c2bf82052b52

General

Target

8cef7288682c0dc5f6a3c2bf82052b52
Size

10KB
MD5

8cef7288682c0dc5f6a3c2bf82052b52
SHA1

7533b46b5cfdf05ca6956c58393ec9bafbfbee82
SHA256

400b3419bab43f848509e4a33c9602725fe6681d7279b3233c865a31e1856bc9
SHA512

436dd6655e6d9d322d407ef99443d31e5cc71feff7583a152f5d16ea059d8a87f5ad9f9f0c2c5cbb4eeeeb9818c727fd6f7e94c021fc0a0cedb696bcab06f759
SSDEEP

192:NQ9nmuoOBvWf/alaax0prn8LB4/GZxR+u5xG88QAcD:NQxx8fiFCR8t4urR2dI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cef7288682c0dc5f6a3c2bf82052b52

Files

8cef7288682c0dc5f6a3c2bf82052b52
.sys windows:5 windows x86 arch:x86

4ac095db6dee6f75b58902139e64bd67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ZwDeviceIoControlFile
ZwQueryDirectoryFile
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_stricmp
ZwClose
ZwUnmapViewOfSection
wcscmp
_except_handler3
PsGetVersion
ObfDereferenceObject
wcsstr
ProbeForRead
ExAllocatePoolWithTag
MmIsAddressValid
KeAttachProcess
PsLookupProcessByProcessId
ZwEnumerateKey
ZwCreateKey
ZwSetValueKey
strncpy
IoDeleteSymbolicLink
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IofCompleteRequest
RtlFreeAnsiString
RtlCompareMemory
RtlUnicodeStringToAnsiString
strncat
ExFreePool
KeDetachProcess
DbgPrint

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 448B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ac095db6dee6f75b58902139e64bd67

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 352B - Virtual size: 340B

.data Size: 448B - Virtual size: 448B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 672B - Virtual size: 646B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 352B - Virtual size: 340B

.data
Size: 448B - Virtual size: 448B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 672B - Virtual size: 646B