99c557fa2ce00afeb239cb5e30c3772a

General

Target

99c557fa2ce00afeb239cb5e30c3772a
Size

29KB
MD5

99c557fa2ce00afeb239cb5e30c3772a
SHA1

334c7967bdc1ecca82473c61ec39b52da8d083f6
SHA256

2dcaf04e65e095b0087b7bf354d6498a8a7c7fd4789d2c0c9516c13bd1c6a310
SHA512

4de81886882943a41150977b1f8e934ca18b1b8ea90b0409345cf766e762a2214a792e061f1d7bf3db337813db6cff4b9ddf50563936198bdcedacce3aff9308
SSDEEP

768:oGZvzncgdxct1hzX6kKPts/KTtzdQRHoqGiSI:xvddxmPGts/KTFGRHo6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99c557fa2ce00afeb239cb5e30c3772a

Files

99c557fa2ce00afeb239cb5e30c3772a
.sys windows:6 windows x86 arch:x86

08d835a56af436c3e1d75355e82f7929

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\source\nsoft\v1.0\driver\objfre_wxp_x86\i386\drive4.pdb

Imports

ntoskrnl.exe

NtBuildNumber
RtlInitUnicodeString
wcsncpy
memset
IofCompleteRequest
ExFreePoolWithTag
ZwClose
ZwWriteFile
ZwCreateFile
ExAllocatePool
_except_handler3
memcpy
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
ZwQuerySystemInformation
ObReferenceObjectByHandle
ZwOpenThread
ObfReferenceObject
PsLookupProcessByProcessId
ObfDereferenceObject
IoFreeMdl
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
wcsncmp
ObOpenObjectByName
wcsstr
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExAllocatePoolWithTag
MmIsAddressValid
IoRegisterFsRegistrationChange
KeInitializeMutex
ProbeForRead
RtlImageDirectoryEntryToData
strstr
ObQueryNameString
KeServiceDescriptorTable
wcsncat
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwQueryDirectoryFile
ZwOpenFile
ZwOpenProcess
IoAllocateMdl

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08d835a56af436c3e1d75355e82f7929

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 640B - Virtual size: 540B

.data Size: 14KB - Virtual size: 14KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 830B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 640B - Virtual size: 540B

.data
Size: 14KB - Virtual size: 14KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 830B