98d34346ef50337b96c61e5e1b245726

Sharing

Copy URL Twitter E-mail

General

Target

98d34346ef50337b96c61e5e1b245726
Size

239KB
MD5

98d34346ef50337b96c61e5e1b245726
SHA1

e4430c51da49eafdd340766670ca363cf9c706f5
SHA256

d48f4463fa9e9c67a8fc731f51f7038ea71efcca3a50a1159d9e0b93b843e0f4
SHA512

117c0c31d30de5f5d6392a1197282fcc8a653fb367520580747210ddf9e4347d14541acdc461bd214691d8d86087917faffca197736650e1165cd31da2c9306d
SSDEEP

6144:N1r0/LRxYFqKXIgiYlKwu0H+XTqmu3iKf8Yzh:N1rKRxERlKV0eXTqbiRg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98d34346ef50337b96c61e5e1b245726

Files

98d34346ef50337b96c61e5e1b245726
.sys windows:6 windows x86 arch:x86

f3ac9b3d4f01ae5fe6a326219a159f5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

volsnap.pdb

Imports

ntoskrnl.exe

RtlClearBits
RtlClearBit
RtlSetBits
RtlSetBit
RtlNumberOfSetBits
RtlAreBitsClear
RtlAreBitsSet
RtlFindNextForwardRunClear
memcpy
KeWaitForSingleObject
KeReleaseSemaphore
memset
MmBuildMdlForNonPagedPool
IoSetIoPriorityHint
ExFreePoolWithTag
IoFreeMdl
IoAllocateIrp
IoAllocateMdl
ExAllocatePoolWithTag
IoFreeIrp
RtlCompareMemory
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
RtlQueryRegistryValues
ZwCreateKey
RtlStringFromGUID
ObfDereferenceObject
ExQueueWorkItem
IofCompleteRequest
IofCallDriver
_allshr
KeSetEvent
ZwQueryVolumeInformationFile
ZwFsControlFile
_allmul
_alldiv
ZwQueryInformationFile
ZwSetInformationFile
IoDeleteSymbolicLink
swprintf_s
KeQueryTimeIncrement
KeTickCount
IoGetIoPriorityHint
MmMapLockedPagesSpecifyCache
IoFileObjectType
RtlGetAce
RtlEqualSid
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
ZwQuerySecurityObject
ZwOpenFile
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoReleaseCancelSpinLock
KeResetEvent
IoAcquireCancelSpinLock
RtlAppendUnicodeStringToString
RtlCreateSystemVolumeInformationFolder
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlCreateSecurityDescriptor
ZwReadFile
KeInitializeMutex
KeReleaseMutex
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeBitMap
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
MmLockPagableDataSection
MmUnlockPages
ZwUnmapViewOfSection
RtlDeleteElementGenericTableAvl
ObfReferenceObject
RtlEqualUnicodeString
ObReferenceObjectByHandle
RtlGetVersion
_allrem
IoGetDeviceObjectPointer
ZwSetValueKey
PsGetThreadProcessId
KeQuerySystemTime
EtwWrite
EtwEventEnabled
PsGetThreadId
KeCancelTimer
KeSetTimer
ExReInitializeRundownProtectionCacheAware
ExWaitForRundownProtectionReleaseCacheAware
ExReleaseRundownProtectionCacheAware
PoCallDriver
PoStartNextPowerIrp
ExAcquireRundownProtectionCacheAware
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
memmove
IoVolumeDeviceToDosName
IoQueueWorkItem
FsRtlGetVirtualDiskNestingLevel
ZwWaitForSingleObject
ZwOpenEvent
ExAllocatePoolWithTagPriority
KeReadStateEvent
MmProbeAndLockPages
ZwMapViewOfSection
ZwCreateSection
IoGetAttachedDeviceReference
ZwCreateFile
IoBuildSynchronousFsdRequest
IoInvalidateDeviceRelations
FsRtlIsTotalDeviceFailure
IoFreeWorkItem
IoAllocateWorkItem
PsTerminateSystemThread
KeSetPriorityThread
ExUuidCreate
IoInitializeWorkItem
KeInitializeDpc
KeInitializeTimer
ExInitializeRundownProtectionCacheAware
KeInitializeSemaphore
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoGetDriverObjectExtension
IoCreateDevice
IoSizeofWorkItem
ExSizeOfRundownProtectionCacheAware
ZwSetInformationThread
PsCreateSystemThread
ZwQueryDirectoryFile
ZwDuplicateObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
RtlGUIDFromString
KeClearEvent
IoForwardIrpSynchronously
ObReleaseObjectSecurity
ObSetSecurityObjectByPointer
ObGetObjectSecurity
IoCreateSymbolicLink
IoUninitializeWorkItem
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoGetDeviceProperty
IoUnregisterPlugPlayNotification
IoDetachDevice
IoRegisterPlugPlayNotification
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
PoRegisterPowerSettingCallback
EtwRegister
RtlInitializeGenericTableAvl
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoAllocateDriverObjectExtension
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
KeBugCheckEx
RtlUnwind
KeGetCurrentThread
InterlockedPushEntrySList
IoBuildPartialMdl
InterlockedPopEntrySList
EtwUnregister
EtwProviderEnabled

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGELK
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 1015B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ac9b3d4f01ae5fe6a326219a159f5b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 353B

PAGELK Size: 157KB - Virtual size: 156KB

PAGE Size: 1024B - Virtual size: 1015B

INIT Size: 7KB - Virtual size: 6KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 353B

PAGELK
Size: 157KB - Virtual size: 156KB

PAGE
Size: 1024B - Virtual size: 1015B

INIT
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 6KB - Virtual size: 6KB