a32e42b51f23aa5893829e23164ef64b

General

Target

a32e42b51f23aa5893829e23164ef64b
Size

8KB
MD5

a32e42b51f23aa5893829e23164ef64b
SHA1

fd1dbff24ee389cc067c63d935a2fed2c6168ec3
SHA256

8a1c2a2ce46c4938328dcef9524469d43fac5b1fe135484799a3076c57c9e11f
SHA512

8d4d7b6d8f9e0e0054aac0c04d3ff287b1dbfb8873c2edcebe8adf1fbb0e361c6fbedfc3716ec541b7d60a32d47844d02bb5b9a52d36ffe08d20b5087fc60b37
SSDEEP

192:otTyF4B5QZ/flicRSh5Ny2cpLg7Xfq8+33:xF4vQ/Aty2cSy13

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a32e42b51f23aa5893829e23164ef64b

Files

a32e42b51f23aa5893829e23164ef64b
.sys windows:5 windows x86 arch:x86

f0029b0255342d42e913c9ab64c779a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
_except_handler3
strncmp
IoGetCurrentProcess
IofCompleteRequest
ExAllocatePoolWithTag
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
PsGetVersion
ZwEnumerateKey
ZwDeviceIoControlFile
ZwCreateKey
ZwSetValueKey
wcscmp
ExFreePool
strncat
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
_stricmp
RtlFreeAnsiString
RtlCompareMemory
RtlUnicodeStringToAnsiString
ZwUnmapViewOfSection
strncpy
ObfDereferenceObject
ZwQueryDirectoryFile
DbgPrint

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0029b0255342d42e913c9ab64c779a3

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 1014B

.reloc Size: 544B - Virtual size: 526B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 1014B

.reloc
Size: 544B - Virtual size: 526B