9b6ee6082e9d4d0f65c455930a2da4bb

Sharing

Copy URL Twitter E-mail

General

Target

9b6ee6082e9d4d0f65c455930a2da4bb
Size

127KB
MD5

9b6ee6082e9d4d0f65c455930a2da4bb
SHA1

551df1c73ffe3ed6a3705ef0b93e2fcaebb06832
SHA256

cbf54278be1b7ee78be9e9b3df84ca2b12f889ae323428d7e5594a110303e84d
SHA512

6a92e66c1deba5127034379f53d3ac57379619ecff07f9a9d89345a51e46d3f1dcb19f2450798b9890aa4c44a506a2781cbb26ac404a0255c37eceb15cdb2fa6
SSDEEP

3072:Mr1JJlwF1kdRVBoi/vaT56ywMDEZTrSNgvW9IqbSC4nMuYOIjXCjlTCt:MrdlC1kbzDyTFIHSxGqJ4MoIjXCj5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b6ee6082e9d4d0f65c455930a2da4bb

Files

9b6ee6082e9d4d0f65c455930a2da4bb
.sys windows:5 windows x86 arch:x86

62cdd7882cbac3b202975c2b13980090

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
PsCreateSystemThread
RtlAnsiStringToUnicodeString
KeInitializeSpinLock
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
IoDeleteDevice
KeSetEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQuerySystemTime
strncpy
strncmp
MmIsAddressValid
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
KeInitializeEvent
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ExAllocatePool
IoCreateDevice
isupper
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
isdigit
ZwQueryDirectoryObject
_wcsicmp
MmMapLockedPages
RtlCompareUnicodeString
ZwOpenDirectoryObject
ZwQueryValueKey
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
PsTerminateSystemThread
KeTickCount
ZwFlushKey
ZwDeleteKey
KeReadStateSemaphore
KeInitializeSemaphore
KeReleaseSemaphore
ExSystemTimeToLocalTime
toupper
isspace
sprintf
strstr
ExFreePool
tolower
KeBugCheckEx
memcpy
memset
_allmul
_alldiv
_allrem
RtlUnwind

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

sw0?Fiq&
Size: - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AC;%a`M"
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

y,XjG[o>
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

YYoX>pn>
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

h@Yd*^5w
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7Luwp1 f
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

(L kG."5
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DHtQgGED
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62cdd7882cbac3b202975c2b13980090

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

sw0?Fiq& Size: - Virtual size: 141KB

AC;%a`M" Size: - Virtual size: 19KB

y,XjG[o> Size: - Virtual size: 25KB

YYoX>pn> Size: - Virtual size: 1KB

h@Yd*^5w Size: - Virtual size: 8KB

7Luwp1 f Size: - Virtual size: 9KB

(L kG."5 Size: 126KB - Virtual size: 125KB

DHtQgGED Size: 512B - Virtual size: 36B

sw0?Fiq&
Size: - Virtual size: 141KB

AC;%a`M"
Size: - Virtual size: 19KB

y,XjG[o>
Size: - Virtual size: 25KB

YYoX>pn>
Size: - Virtual size: 1KB

h@Yd*^5w
Size: - Virtual size: 8KB

7Luwp1 f
Size: - Virtual size: 9KB

(L kG."5
Size: 126KB - Virtual size: 125KB

DHtQgGED
Size: 512B - Virtual size: 36B