98fef090914d1147f0582d6f7a892a08

Sharing

Copy URL Twitter E-mail

General

Target

98fef090914d1147f0582d6f7a892a08
Size

22KB
MD5

98fef090914d1147f0582d6f7a892a08
SHA1

50355b8bbb78083e9d5bf9feddc115a3e954e444
SHA256

fc0a51467f4199939fb29818b68c3d066029d71940a66cb9a10dac4c490a5695
SHA512

b7ab6616ae25197d825d290cc4716fd4e3c930643b06c7d6e06bcf860015d735f1fe343c5c0ebaa0991596370404083459591cd8337f3cd8febac43749319e3e
SSDEEP

384:YYZaEWjWWzDc+Qhctunnvk+b1NVV7VCwBH5ikqv6RglaTo/+ViIuGjLSWjWW:lO3/EugvkwV8wBskqi6ok/+VtP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98fef090914d1147f0582d6f7a892a08

Files

98fef090914d1147f0582d6f7a892a08
.sys windows:5 windows x86 arch:x86

bceab9763b883ed66b048f78ee5877b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rootmdm.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IofCallDriver
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwClose
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
ExAllocatePoolWithTag
RtlInitUnicodeString
ExInitializeResourceLite
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
DbgBreakPoint
memmove
ExDeleteResourceLite
IoDetachDevice
KeWaitForSingleObject
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
PoRequestPowerIrp
KeLeaveCriticalRegion
ExReleaseResourceLite
ObfDereferenceObject
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeSetEvent

Sections

.text
Size: 384B - Virtual size: 282B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.plgg
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bceab9763b883ed66b048f78ee5877b7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 384B - Virtual size: 282B

.rdata Size: 256B - Virtual size: 208B

.data Size: 128B - Virtual size: 4B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.plgg Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 236B

.text
Size: 384B - Virtual size: 282B

.rdata
Size: 256B - Virtual size: 208B

.data
Size: 128B - Virtual size: 4B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.plgg
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 236B