989bd03b08ab48d9e77badaaa36b3df4

Sharing

Copy URL Twitter E-mail

General

Target

989bd03b08ab48d9e77badaaa36b3df4
Size

445KB
MD5

989bd03b08ab48d9e77badaaa36b3df4
SHA1

362e901563b5d7c06f7495bc31b21982ea022ef3
SHA256

c62ac9016a1ecc22f9f24623bafcae863c85f19777d8a3556344b46fbbc53ca4
SHA512

41e0dae71683ffb4c1f3cf91edeae68327d5847cb6721be48224a47328e4e666a3439f927ceb984407ac5ac003b9dc1e7d6130b3295e164a004fb24a7b0dc100
SSDEEP

6144:XfbK+ZrhsOt8gbCCeglCeskyLwIcJ5puCOuF+53IykoNCDbRuNLdkzaE4:XO+ZFcglC3kwwIcJCCrdo8o5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
989bd03b08ab48d9e77badaaa36b3df4

Files

989bd03b08ab48d9e77badaaa36b3df4
.dll windows:5 windows x86 arch:x86

387605831e878f9d093e7a63842dccf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\hhexahtt\mCdnvWujAitb\fcCeagtSo\qSxrfnQr.pdb

Imports

ntoskrnl.exe

RtlEqualString
MmPageEntireDriver
RtlFindLeastSignificantBit
IoGetBootDiskInformation
ExSystemTimeToLocalTime
IoRaiseHardError
KeEnterCriticalRegion
FsRtlNotifyUninitializeSync
ExLocalTimeToSystemTime
KeBugCheck
RtlAreBitsClear
ExVerifySuite
ExAcquireResourceSharedLite
RtlInitAnsiString
IoCreateSymbolicLink
IoReleaseCancelSpinLock
ZwFsControlFile
ExAcquireFastMutexUnsafe
MmFreeContiguousMemory
FsRtlIsHpfsDbcsLegal
IoFreeIrp
SeQueryInformationToken

Sections

.text
Size: 42KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

387605831e878f9d093e7a63842dccf2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 45KB

.i_txt Size: 512B - Virtual size: 92B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 1024B - Virtual size: 555B

.data Size: 14KB - Virtual size: 40KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 42KB - Virtual size: 45KB

.i_txt
Size: 512B - Virtual size: 92B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 1024B - Virtual size: 555B

.data
Size: 14KB - Virtual size: 40KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 676B