a27d0483015c0c03c63d72ef35bb8cbc

Sharing

Copy URL Twitter E-mail

General

Target

a27d0483015c0c03c63d72ef35bb8cbc
Size

793KB
MD5

a27d0483015c0c03c63d72ef35bb8cbc
SHA1

245d3f3cae2834bab4a2bac3d5e96ce0ca78d30e
SHA256

6d475b148222e98a20f165c4868e212788247a4f8e0028afaf5f128c4d0aa715
SHA512

31abbfe74ea3364ce950940735ef96c0eedc24e2edfdcc113e1065ea1963f71fa52b7c03ccb92a6d88b71ddb56b945499c8fd78cc9634e9c239cd7dedc3d13e2
SSDEEP

12288:Ueev0bKsNxeZEJIaywwCpojEAtA00aPCKiX4oFirTp+jaE9ES73CW:Ut0usNVJIa3wQojEVlJJeE9ESW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a27d0483015c0c03c63d72ef35bb8cbc

Files

a27d0483015c0c03c63d72ef35bb8cbc
.sys windows:5 windows x64 arch:x64

4d106ae9e919c8cba94ca6442dd9de0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

tcpip.pdb

Imports

ntoskrnl.exe

MmIsThisAnNtAsSystem
RtlUnicodeStringToInteger
RtlAppendUnicodeToString
ExLocalTimeToSystemTime
RtlTimeToTimeFields
RtlIpv4StringToAddressW
ZwEnumerateValueKey
KeReadStateEvent
KeWaitForSingleObject
KeReleaseMutex
_wcsicmp
wcschr
wcsncpy
ZwSetInformationThread
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeQueryTimeIncrement
KeSetEvent
MmLockPagableSectionByHandle
ExInitializeNPagedLookasideList
KeInitializeDpc
KeInitializeTimer
KeSetTimerEx
KeDelayExecutionThread
ExDeleteNPagedLookasideList
ExAcquireFastMutex
ExReleaseFastMutex
ZwOpenKey
IoIs32bitProcess
ZwQueryValueKey
ZwSetValueKey
IoGetCurrentProcess
IoWMIRegistrationControl
IoGetFileObjectGenericMapping
RtlMapGenericMask
SeExports
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
ObGetObjectSecurity
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
SeSetSecurityDescriptorInfo
ZwQuerySystemInformation
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IofCallDriver
ObfDereferenceObject
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlGetAce
RtlAddAce
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSelfRelativeToAbsoluteSD
ObSetSecurityObjectByPointer
VerSetConditionMask
RtlVerifyVersionInfo
ExNotifyCallback
ExCreateCallback
KeInitializeTimerEx
ExGetCurrentProcessorCounts
DbgBreakPoint
KeSetTargetProcessorDpc
KeBugCheck
ObfReferenceObject
PsGetCurrentProcessId
PsGetCurrentProcess
KeInsertQueueDpc
IoAllocateMdl
MmBuildMdlForNonPagedPool
ObReferenceObjectByHandle
IoFileObjectType
MmUnlockPages
MmProbeAndLockPages
ObDereferenceSecurityDescriptor
SeLockSubjectContext
SeAccessCheck
SeAppendPrivileges
SeFreePrivileges
SeUnlockSubjectContext
RtlQueryRegistryValues
ProbeForWrite
SeAssignSecurity
ObLogSecurityDescriptor
RtlSetBit
KeInitializeMutex
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ExQueryDepthSList
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
MmQuerySystemSize
ZwClose
RtlCompareUnicodeString
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
RtlAreBitsSet
RtlFindClearRuns
RtlClearBits
RtlFindClearBitsAndSet
DbgPrint
ZwLoadDriver
RtlAppendUnicodeStringToString
KeResetEvent
RtlCopyUnicodeString
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
ExInterlockedAddUlong
MmMapLockedPagesSpecifyCache
IoFreeMdl
ExInterlockedInsertTailList
MmUnlockPagableImageSection
MmLockPagableDataSection
RtlUnicodeStringToAnsiString
KeClearEvent
KeCancelTimer
RtlInitUnicodeString
RtlPrefetchMemoryNonTemporal
MmMapLockedPages
RtlComp�tMemory
IoRaiseInformationalHardError
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
KeTestSpinLock
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
ExFreePoolWithTag
KeInitializeEvent
ExAllocatePoolWithTagPriority
KeReleaseSpinLock
KeNumberProcessors
ObReleaseObjectSecurity
KeBugCheckEx
InitializeSListHead
ZwCreateFile
ZwDeviceIoControlFile
__C_specific_handler

hal

KeQueryPerformanceCounter

ndis.sys

NdisRequest
NdisUnchainBufferAtFront
NdisFreePacket
NdisAllocatePacket
NdisCloseAdapter
NdisCancelSendPackets
NdisGetReceivedPacket
NdisCompletePnPEvent
NdisQueryAdapterInstanceName
NdisFreeMemory
NdisRegisterProtocol
NdisFreePacketPool
NdisAllocatePacketPoolEx
NdisOpenAdapter
NdisGetDriverHandle
NdisAllocateBuffer
NdisReturnPackets
NdisSetPacketPoolProtocolId
NdisCompleteBindAdapter
NdisReEnumerateProtocolBindings
NdisAllocateBufferPool
NdisFreeBufferPool
NdisDestroyBlockPool
NdisGetVersion
NdisGetRoutineAddress
NdisCopyBuffer

tdi.sys

CTEBlockWithTracker
CTESystemUpTime
CTEBlock
CTEInitEvent
CTEScheduleDelayedEvent
CTESignal
CTEStartTimer
CTELogEvent
CTEInitTimer
TdiRegisterNetAddress
TdiDeregisterNetAddress
TdiProviderReady
TdiRegisterDeviceObject
TdiDeregisterDeviceObject
CTEInitialize
CTEScheduleEvent
TdiRegisterProvider
TdiDeregisterProvider
TdiPnPPowerRequest
TdiCopyMdlChainToMdlChain
TdiInitialize
TdiDeregisterPnPHandlers
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
TdiRegisterPnPHandlers
TdiCopyBufferToMdl
CTEInsertBlockTracker
CTERemoveBlockTracker
TdiMapUserRequest

Exports

Exports

ARPRcv
FreeIprBuff
GetIFAndLink
IPAddInterface
IPAllocBuff
IPDelInterface
IPDelayedNdisReEnumerateBindings
IPDeregisterARP
IPDisableSniffer
IPEnableSniffer
IPFreeBuff
IPGetAddrType
IPGetBestInterface
IPGetInfo
IPInjectPkt
IPProxyNdisRequest
IPRcvComplete
IPRcvPacket
IPRegisterARP
IPRegisterProtocol
IPSetIPSecStatus
IPTransmit
LookupRoute
LookupRouteInformation
LookupRouteInformationWithBuffer
SendICMPErr
SetFirewallMode
SetIPSecPtr
UnSetIPSecPtr
UnSetIPSecSendPtr
tcpxsum

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGELK
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEIPMc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d106ae9e919c8cba94ca6442dd9de0d

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

tdi.sys

Exports

Exports

Sections

.text Size: 526KB - Virtual size: 526KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 2KB - Virtual size: 204KB

.pdata Size: 97KB - Virtual size: 97KB

PAGELK Size: 3KB - Virtual size: 2KB

PAGE Size: 11KB - Virtual size: 10KB

PAGEIPMc Size: 15KB - Virtual size: 14KB

.edata Size: 1024B - Virtual size: 836B

INIT Size: 40KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 512B - Virtual size: 228B

.text
Size: 526KB - Virtual size: 526KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 2KB - Virtual size: 204KB

.pdata
Size: 97KB - Virtual size: 97KB

PAGELK
Size: 3KB - Virtual size: 2KB

PAGE
Size: 11KB - Virtual size: 10KB

PAGEIPMc
Size: 15KB - Virtual size: 14KB

.edata
Size: 1024B - Virtual size: 836B

INIT
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 228B