9bfc7c6bb1f01cc86245308b11632b24

Sharing

Copy URL Twitter E-mail

General

Target

9bfc7c6bb1f01cc86245308b11632b24
Size

134KB
MD5

9bfc7c6bb1f01cc86245308b11632b24
SHA1

9bf5fcf8a51ea9a9cd2ebe909baf34050f328eae
SHA256

5cd2ddcf27a78c41b0215828e29bb1c1be161290d3cb8d4f450ff6f347cca231
SHA512

932c6a974d8501594907d23fedca3547bc29814702c8f288e63ddd020cbce16716d7b06ba6361f13f7ce0c4e2ad37e3e3037df3567440d284483d12f476c2cc7
SSDEEP

3072:0yOLbgggsPQSsbDGVrCStrg0jvX7H5LIyA40ESxgx:AgjsQbKVrLgA7Hh10ETx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bfc7c6bb1f01cc86245308b11632b24

Files

9bfc7c6bb1f01cc86245308b11632b24
.dll windows:5 windows x86 arch:x86

e4d55b931f999d3aeeab0458e13dac13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlFindClearBits
PsGetThreadProcessId
RtlFreeAnsiString
RtlxOemStringToUnicodeSize
MmLockPagableDataSection
ObGetObjectSecurity
SeAccessCheck
IoReleaseVpbSpinLock
ProbeForWrite
ExDeleteNPagedLookasideList
MmUnsecureVirtualMemory
SeOpenObjectAuditAlarm
IoVerifyVolume
KeSaveFloatingPointState
SeAssignSecurity
RtlRandom
IoUpdateShareAccess
CcUnpinDataForThread
RtlDeleteNoSplay
ZwPowerInformation
IoGetDeviceToVerify
RtlUpcaseUnicodeToOemN
RtlInitUnicodeString
ExCreateCallback
ExVerifySuite
RtlUnicodeStringToOemString
RtlFillMemoryUlong
ObReleaseObjectSecurity
ObQueryNameString
MmCanFileBeTruncated
MmGetPhysicalAddress
FsRtlIsFatDbcsLegal
IoAcquireRemoveLockEx
WmiQueryTraceInformation
MmMapUserAddressesToPage
RtlGUIDFromString
RtlAreBitsClear
KePulseEvent
RtlDeleteRegistryValue
ZwOpenFile
KeLeaveCriticalRegion
RtlCreateRegistryKey
CcMdlReadComplete
RtlUpcaseUnicodeChar
IoIsWdmVersionAvailable
IoCreateDevice
MmAllocateMappingAddress
KeRundownQueue
ExAllocatePoolWithQuotaTag
MmIsAddressValid
ZwSetSecurityObject
IoVolumeDeviceToDosName
IoGetAttachedDevice
ZwQuerySymbolicLinkObject
IoSetPartitionInformation
IoUnregisterFileSystem
IoBuildSynchronousFsdRequest
ExSystemTimeToLocalTime
RtlFreeUnicodeString
IoCheckShareAccess
MmIsDriverVerifying
RtlLengthSecurityDescriptor
KeInitializeDpc
PsCreateSystemThread
IoInvalidateDeviceState
RtlHashUnicodeString
MmLockPagableSectionByHandle
RtlInsertUnicodePrefix
IoFreeErrorLogEntry
KeRemoveEntryDeviceQueue
IoWMIWriteEvent
IoIsOperationSynchronous
ZwQueryKey
RtlUpperString
MmSetAddressRangeModified
IoSetHardErrorOrVerifyDevice
PsGetProcessExitTime
KeBugCheck
RtlAnsiCharToUnicodeChar
IoWMIRegistrationControl
RtlAddAccessAllowedAce
IoStartNextPacket
ExReleaseFastMutexUnsafe
RtlCompareString
ExRegisterCallback
RtlExtendedIntegerMultiply
CcDeferWrite
PsReferencePrimaryToken
ExReinitializeResourceLite
IoAllocateErrorLogEntry
PsGetCurrentProcessId
PsImpersonateClient
KeDeregisterBugCheckCallback
PsGetCurrentThreadId
RtlCompareMemory
IoGetDeviceProperty
MmQuerySystemSize
RtlInitializeGenericTable
PsGetCurrentThread
KeReleaseSemaphore
RtlEqualUnicodeString
RtlMapGenericMask
IoReleaseRemoveLockAndWaitEx
ZwMapViewOfSection
RtlFindLongestRunClear
CcUnpinRepinnedBcb
MmProbeAndLockProcessPages
IoInitializeRemoveLockEx
IoWriteErrorLogEntry
KeReleaseMutex
RtlClearAllBits
MmForceSectionClosed
MmAllocatePagesForMdl
MmFlushImageSection
MmMapLockedPagesSpecifyCache
KeInitializeQueue
IoCancelIrp
ZwLoadDriver
ExIsProcessorFeaturePresent
ObMakeTemporaryObject
IofCompleteRequest
RtlWriteRegistryValue
KeWaitForMultipleObjects
SeTokenIsRestricted
IoGetStackLimits
CcRepinBcb
IoCsqRemoveIrp
IoGetLowerDeviceObject
RtlCopyString
IoCreateStreamFileObject
IoCheckEaBufferValidity
KeSetKernelStackSwapEnable
ZwOpenProcess
RtlValidSid
ZwDeleteKey
ExReleaseResourceLite
CcMdlRead
IoFreeWorkItem
CcGetFileObjectFromBcb
PoRegisterSystemState
RtlIsNameLegalDOS8Dot3
CcPurgeCacheSection
PsDereferencePrimaryToken
RtlTimeFieldsToTime
MmUnlockPages
KeRevertToUserAffinityThread
RtlSetDaclSecurityDescriptor
RtlRemoveUnicodePrefix
IofCallDriver
ZwOpenSection
KdEnableDebugger
PsRevertToSelf
PsSetLoadImageNotifyRoutine
IoInitializeTimer
MmFreeNonCachedMemory
MmFreePagesFromMdl
RtlFindSetBits
RtlDelete
RtlStringFromGUID
KeSynchronizeExecution
KeRemoveDeviceQueue
IoFreeController
KeInsertQueue
FsRtlNotifyUninitializeSync
ZwCreateFile
KeClearEvent
RtlCreateAcl
IoGetBootDiskInformation
RtlxAnsiStringToUnicodeSize
CcCopyRead
KeReadStateTimer
ZwFreeVirtualMemory
RtlxUnicodeStringToAnsiSize
KeGetCurrentThread
RtlSecondsSince1980ToTime
IoDisconnectInterrupt
KefAcquireSpinLockAtDpcLevel
KeSetTimerEx
MmIsThisAnNtAsSystem
ZwCreateSection
KeReadStateMutex
IoRegisterFileSystem
IoSetShareAccess
IoRemoveShareAccess
IoConnectInterrupt
IoDeleteSymbolicLink
ExLocalTimeToSystemTime
IoSetDeviceToVerify
FsRtlSplitLargeMcb
KeDetachProcess
IoGetCurrentProcess
IoGetRequestorProcess
ExGetPreviousMode
KeTickCount
RtlFindLastBackwardRunClear
KeUnstackDetachProcess
CcFastMdlReadWait
IoRegisterDeviceInterface
CcPreparePinWrite
IoFreeIrp
CcFlushCache
ObfReferenceObject
IoGetRelatedDeviceObject
CcZeroData
KeDelayExecutionThread
KeInitializeTimer
FsRtlGetNextFileLock
RtlAnsiStringToUnicodeString
RtlEnumerateGenericTable
ZwClose
PsGetProcessId
MmSecureVirtualMemory
MmAllocateNonCachedMemory
RtlEqualSid
RtlGetCallersAddress
DbgBreakPoint
RtlCreateUnicodeString
IoInvalidateDeviceRelations
MmUnmapReservedMapping
MmBuildMdlForNonPagedPool
RtlDowncaseUnicodeString
ObInsertObject
FsRtlCheckLockForWriteAccess
KeRemoveByKeyDeviceQueue
IoReadPartitionTableEx
FsRtlIsHpfsDbcsLegal
SeAppendPrivileges
IoGetDmaAdapter
ObReferenceObjectByPointer
ZwSetVolumeInformationFile
ZwEnumerateKey
RtlUnicodeToMultiByteN
ZwSetValueKey
RtlAreBitsSet
SeQueryAuthenticationIdToken
KeEnterCriticalRegion
MmProbeAndLockPages
RtlFindLeastSignificantBit
IoGetDeviceInterfaces
IoSetSystemPartition
KeRemoveQueue
SeReleaseSubjectContext
RtlMultiByteToUnicodeN
IoFreeMdl
KeInitializeApc
RtlCreateSecurityDescriptor
FsRtlCheckLockForReadAccess
IoAcquireVpbSpinLock
IoInitializeIrp
ExRaiseDatatypeMisalignment
RtlTimeToSecondsSince1970
IoGetDeviceAttachmentBaseRef
IoGetDriverObjectExtension
IoGetDiskDeviceObject
IoQueryFileInformation
KeInitializeSpinLock
ExRaiseAccessViolation
RtlUnicodeToOemN
RtlFindUnicodePrefix
MmMapIoSpace

Exports

Exports

?RemoveFolderPathOriginal@@IJPAXPAFPAMH@X

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d55b931f999d3aeeab0458e13dac13

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 33KB - Virtual size: 33KB

.init Size: - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 33KB - Virtual size: 33KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 820B