9bd58e1b4ddfb4ab0787dcd1a58fa2fb

General

Target

9bd58e1b4ddfb4ab0787dcd1a58fa2fb
Size

14KB
MD5

9bd58e1b4ddfb4ab0787dcd1a58fa2fb
SHA1

4461dd55c2526d2040c2bed7a08b1fb17427f9f7
SHA256

eb46713ac9f3068317def2396190c270c76b69499ffcf7a09b5801bd75d1d51b
SHA512

b550e074317a29e89fe04bb257861f51689e0c74b502f84069fedad79ef57dd9e650ca1efde0cb4e817cf2abf7d62c6347bc724079b0345b54bb271900bb857f
SSDEEP

384:e1OZUxajXSCq6sFGnO4h6P2R1cvJuhWBCuj:Gl0jXSCqTkB7IJu0Bd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bd58e1b4ddfb4ab0787dcd1a58fa2fb

Files

9bd58e1b4ddfb4ab0787dcd1a58fa2fb
.sys windows:4 windows x86 arch:x86

622f40fde3c368b17a1a89b233a02418

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlZeroMemory
ZwQuerySystemInformation
strcat
strcpy
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
KeWaitForSingleObject
ObDereferenceObject
ObReferenceObjectByHandle
ProbeForRead
ProbeForWrite
PsCreateSystemThread
ZwClose
IoFreeMdl
MmBuildMdlForNonPagedPool
MmCreateMdl
MmMapLockedPages
MmUnmapLockedPages
RtlCompareMemory
RtlFreeUnicodeString
memcpy
IoGetCurrentProcess
Ke386IoSetAccessProcess
Ke386QueryIoAccessMap
Ke386SetIoAccessMap
KeAttachProcess
KeDetachProcess
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
ZwAllocateVirtualMemory
strstr
wcsstr
KeDelayExecutionThread
MmGetSystemRoutineAddress
PsTerminateSystemThread
ZwCreateKey
ZwOpenFile
ZwSetValueKey
RtlCompareUnicodeString
ZwQueryInformationFile
ZwReadFile
IoAllocateMdl
KeServiceDescriptorTable
InterlockedExchange

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 416B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

622f40fde3c368b17a1a89b233a02418

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 80B - Virtual size: 80B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 920B

.reloc Size: 416B - Virtual size: 410B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 80B - Virtual size: 80B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 920B

.reloc
Size: 416B - Virtual size: 410B