97dd1a4c155a7f8e79ba0c28bca077c1

General

Target

97dd1a4c155a7f8e79ba0c28bca077c1
Size

7KB
MD5

97dd1a4c155a7f8e79ba0c28bca077c1
SHA1

05d1007bd2429c40bd955b3637e73feeabae35d6
SHA256

d5bb8bc68e7099d29dc8e1dd08f31a7421baccf438f12833db3e6e56d4b7736a
SHA512

37779722cc7d2cea3025bea9f04f7798f6c1c4c7bfdf605b6bb44181291d41ca1300e9ef5ceaf03178e35374981b787f78ef025a07aa8d40fd06258c0a7b95a0
SSDEEP

96:8n7S2RnanA4CRhtb5Z9SSyxrETrwTLHGsCvPMkWS9:wSEJ4CRhF5Z9SrEXwTbGselv9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97dd1a4c155a7f8e79ba0c28bca077c1

Files

97dd1a4c155a7f8e79ba0c28bca077c1
.sys windows:5 windows x86 arch:x86

f3ac91f5f5364d7a5d95c3ab4326409f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwSetValueKey
RtlFreeAnsiString
RtlCompareMemory
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
wcscmp
_except_handler3
strncpy
ExAllocatePoolWithTag
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
ZwQueryDirectoryFile
IofCompleteRequest
_stricmp
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
ExFreePool
strncat
ZwQuerySystemInformation
ObfDereferenceObject
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ZwDeviceIoControlFile
ZwEnumerateKey
IoCreateDevice
PsGetVersion

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ac91f5f5364d7a5d95c3ab4326409f

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 998B

.reloc Size: 512B - Virtual size: 486B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 998B

.reloc
Size: 512B - Virtual size: 486B