9bab3930c195b7ac2b9d3a5c53e1933f

General

Target

9bab3930c195b7ac2b9d3a5c53e1933f
Size

720KB
MD5

9bab3930c195b7ac2b9d3a5c53e1933f
SHA1

c9a3de18d4a7364ca5c9014d8ade3d0bff60ba70
SHA256

75e96bcbf8e51077d686ea8562a4805ce7a50de4e4d0ce8045d39165c24adfa7
SHA512

43488b1a359b0bb8b77958070e93e4ea862f45846e6b19d49b9a028ef6884e09aefef7e9b49dac5eae33862e3916d61a45359ea55fb4cb4366d0d8b355fbbaa9
SSDEEP

12288:8ff+j0Q3ULH55Aui1V4H+CqBHoFpfLqGTFPwGhzQra:p0Q3ULZ5Xi1VU0IFF3TJwGhaa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bab3930c195b7ac2b9d3a5c53e1933f

Files

9bab3930c195b7ac2b9d3a5c53e1933f
.sys windows:4 windows x86 arch:x86

30205788a841f73f20e70bc2cc7b6a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeWaitForSingleObject
KeInitializeEvent
ZwClose
RtlCompareMemory
PoCallDriver
IoAttachDeviceToDeviceStack
IoDetachDevice
ZwOpenKey
RtlCopyUnicodeString
ExFreePool
IoQueueWorkItem
IoAllocateMdl
IoAllocateWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
IoSetDeviceInterfaceState
IoCancelIrp
IoRegisterDeviceInterface
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
PsCreateSystemThread
IoBuildSynchronousFsdRequest
MmUnmapIoSpace
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
RtlAppendUnicodeStringToString
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
ZwCreateFile
ZwQuerySystemInformation
MmProbeAndLockPages
MmUnlockPages
KeRemoveQueueDpc
ExFreePoolWithTag

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30205788a841f73f20e70bc2cc7b6a62

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 512B - Virtual size: 168B

.data Size: 12KB - Virtual size: 12KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 385KB - Virtual size: 385KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 512B - Virtual size: 168B

.data
Size: 12KB - Virtual size: 12KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 385KB - Virtual size: 385KB