9971ca4934502b3160cb0fedfd5ee717

General

Target

9971ca4934502b3160cb0fedfd5ee717
Size

339KB
MD5

9971ca4934502b3160cb0fedfd5ee717
SHA1

be8c884136a59f10c850f48b4477ff716e457496
SHA256

fd7658c571c1cf43bdba610897c3918bfdc59c12b02790599796f228e629b6dc
SHA512

0822793568432c0407da8912436426c8d2a1fbf2967e4d08214611ca99efebb909ebe9b5fea4155e361b5b301c481306e4a4726e8b825b6a467afc77a935ebfd
SSDEEP

6144:pKssKM+PEHyLGIzEdWbrt+uEIeYWB0I2PlE2F/1kBUtAyDUpRCNabEyMB5lklOYC:ppzPEHyLH3nt+hDl2PORBCDKELvlkMPJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9971ca4934502b3160cb0fedfd5ee717

Files

9971ca4934502b3160cb0fedfd5ee717
.sys windows:4 windows x86 arch:x86

a173cf4fc312895d4fa66abe9acb1c87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFastQueryNetworkAttributes
RtlVolumeDeviceToDosName
KeInitializeMutex
RtlCreateAcl
FsRtlGetNextFileLock
ZwCreateSection
RtlFindLeastSignificantBit
RtlValidRelativeSecurityDescriptor
RtlTraceDatabaseFind
_aullrem
SeOpenObjectForDeleteAuditAlarm
MmCreateMdl
IoReadOperationCount
RtlGUIDFromString
IoInvalidateDeviceState
_itow
KeSetKernelStackSwapEnable
RtlFindSetBitsAndClear
IoRegisterBootDriverReinitialization
IoFileObjectType
ZwSetInformationThread
KeI386ReleaseLid
ZwSetSystemInformation
InterlockedExchange
ExRaiseHardError
RtlAllocateHeap
ExRegisterCallback
MmLockPagableSectionByHandle
ExInterlockedAddUlong
KeInsertByKeyDeviceQueue
KeServiceDescriptorTable
NtDeviceIoControlFile
KeSetEventBoostPriority
ExGetPreviousMode
ExfInterlockedPushEntryList
IoUnregisterFileSystem
FsRtlBalanceReads
KeI386AbiosCall
KeDeregisterBugCheckCallback
RtlLookupElementGenericTable
FsRtlMdlRead
KeI386FlatToGdtSelector
ZwOpenSection
RtlLargeIntegerNegate
ZwCreateEvent
ZwQueryVolumeInformationFile
FsRtlNotifyFullChangeDirectory
tolower
KeInitializeApc
KiAcquireSpinLock
RtlExtendedMagicDivide
ExfInterlockedInsertHeadList

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a173cf4fc312895d4fa66abe9acb1c87

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 325KB - Virtual size: 324KB

.rdata Size: 512B - Virtual size: 284B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 325KB - Virtual size: 324KB

.rdata
Size: 512B - Virtual size: 284B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB