9a23f4152dcdb580969b7d8e3593fccc

General

Target

9a23f4152dcdb580969b7d8e3593fccc
Size

8KB
MD5

9a23f4152dcdb580969b7d8e3593fccc
SHA1

7fa5102421335243adb9f91f0c531a9135f0e960
SHA256

e0405be517d0275e66d5e83e7b547e3c2b1e3176c604acd650f12af8fd1c6a81
SHA512

91e37ac96d694b4f33b438b02b158c7dbe4ee47bbf72088ff871975d21d4383cadd394a2e7f289691ad036370c9021787600235170066a5f041d3bd8ab762bdd
SSDEEP

192:t4pbFRWub5CNLw4k5bK5osZzwunFCf5+HohJ:t6bDWuYw4wuFlohJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a23f4152dcdb580969b7d8e3593fccc

Files

9a23f4152dcdb580969b7d8e3593fccc
.sys windows:5 windows x86 arch:x86

c915cf8e248a813bd913cf1af35e6ae0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
wcscmp
_except_handler3
_stricmp
IoGetCurrentProcess
ZwClose
ZwUnmapViewOfSection
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ZwMapViewOfSection
ExAllocatePoolWithTag
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
RtlFreeAnsiString
RtlCompareMemory
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
wcslen
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
strncat
ExFreePool
ZwCreateSection
DbgPrint

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c915cf8e248a813bd913cf1af35e6ae0

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 564B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 564B