979e4db3ac2748d298f58d791ae0cc67

General

Target

979e4db3ac2748d298f58d791ae0cc67
Size

13KB
MD5

979e4db3ac2748d298f58d791ae0cc67
SHA1

71259c91788ad0fd1922370bbb0bde95cbf3857a
SHA256

9723f469636197e2272a224488ae26de734e3756b1660d3b119f03b020cca74d
SHA512

186bf46e9f276ffae88a9819e752f058a3798a235ffde4753989aad685c1c598ebb6f99c833ab9def60aeb7a62d1700ece200c8c6dcce6dc6e35b94b20268a45
SSDEEP

192:eIgw9l0H1XiLK/xFM/UJiaWTafK0CuTUALjp20OXi+/TfI5JQrSCz:iY0H1XiCXxJusTUCpgXi+/05arSCz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
979e4db3ac2748d298f58d791ae0cc67

Files

979e4db3ac2748d298f58d791ae0cc67
.sys windows:6 windows x64 arch:x64

a6e2a5adb2bc3fd005390adc56615309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
IoCreateFileSpecifyDeviceObjectHint
KeAttachProcess
KeDetachProcess
ZwDeleteFile
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoFreeMdl
IoGetRelatedDeviceObject
IoGetFileObjectGenericMapping
ObCreateObject
SeCreateAccessState
IoFileObjectType
PsLookupProcessByProcessId
PsLookupThreadByThreadId
PsGetThreadProcess
RtlGetVersion
ObfReferenceObject
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
towupper
RtlCopyUnicodeString
ExAllocatePoolWithTag
MmUnlockPages
IoGetBaseFileSystemDeviceObject
KeBugCheckEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6e2a5adb2bc3fd005390adc56615309

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 360B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 360B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B