9b2691813d25a2dcf55f3b35c9e6cbf7

General

Target

9b2691813d25a2dcf55f3b35c9e6cbf7
Size

52KB
MD5

9b2691813d25a2dcf55f3b35c9e6cbf7
SHA1

bd994a636089721831f8459b530cd6c26685599f
SHA256

827b937272cda7f1538123c0a12b510627628bcc7f70fb4945858d49f2340619
SHA512

d8bcdddc26131fc5a54e4676a166d8a90ce3ba1361b3712a7a68f1709e8e756e6984b24e39b7df0cbce82b653654928e4b330d4820882137ff2e616e522ea1f4
SSDEEP

768:SF5EoNnPdqV2m/ywDfW7PJD2ccGVQxDu7e1CXqAjDjR4o+Ylisc3BE3Py:SPbFO2RtacB+u7eYz8sjy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b2691813d25a2dcf55f3b35c9e6cbf7

Files

9b2691813d25a2dcf55f3b35c9e6cbf7
.sys windows:4 windows x86 arch:x86

a5a297fd20bb96a30e5e8f46346ca798

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
strncmp
strncpy
wcsncmp
towlower
wcscpy
ZwEnumerateKey
wcscat
RtlCopyUnicodeString
wcsstr
IofCompleteRequest
IoRegisterDriverReinitialization

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 192B - Virtual size: 169B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5a297fd20bb96a30e5e8f46346ca798

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 192B - Virtual size: 169B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 192B - Virtual size: 169B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB