a3a991595ac77768a214608ab5913c66

Sharing

Copy URL

Twitter E-mail

General

Target

a3a991595ac77768a214608ab5913c66
Size

14KB
MD5

a3a991595ac77768a214608ab5913c66
SHA1

bd798af1cd0ad27acf72cf0a76a399f24951762e
SHA256

12e9b79ddae060abf8142d37722a33c2fe22e4a607ca8f9c9a5aa811abfd3962
SHA512

8f9eecf3ca99eabef84957e84d9ff7ce465cadc88856d97d76c078fc1032f16d04a8214a6664acaf58f19363da4f68b8b27742c52e1559c059f1588ee0490fa6
SSDEEP

384:/LaPBUT4jM96l3lVmF6GBEdaHjUBtWSg8WWwWkc:WZUT4jMkZ7mMGqVPW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3a991595ac77768a214608ab5913c66

Files

a3a991595ac77768a214608ab5913c66
.sys windows:5 windows x86 arch:x86

60d17fce5280c361c3ce2a8a66e30c56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbscan.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
IoCreateSymbolicLink
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_snprintf
RtlUnicodeStringToInteger
wcsstr
ZwQueryValueKey
IoDeleteSymbolicLink
wcslen
KeSetEvent
InterlockedIncrement
InterlockedDecrement
IofCompleteRequest
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePool
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDetachDevice
InterlockedExchange
KeCancelTimer
KeReadStateTimer
KeSetTimer
KeInitializeDpc
KeInitializeTimer
MmMapLockedPages
_except_handler3
ProbeForRead
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
KeTickCount
KeBugCheckEx
RtlInitUnicodeString
ZwSetValueKey
IoSetDeviceInterfaceState
ZwClose

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx
USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60d17fce5280c361c3ce2a8a66e30c56

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 128B - Virtual size: 24B

PAGE Size: 7KB - Virtual size: 7KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 640B - Virtual size: 586B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 128B - Virtual size: 24B

PAGE
Size: 7KB - Virtual size: 7KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 640B - Virtual size: 586B