ab1dcc243ffdf49f1a80a2694d05c0b5

General

Target

ab1dcc243ffdf49f1a80a2694d05c0b5
Size

31KB
MD5

ab1dcc243ffdf49f1a80a2694d05c0b5
SHA1

57e6f7c6bd80ae16f1ae6e0f7cc4b2b6cd1ffae0
SHA256

59a308a58904f09f56fb149764e96bbc51eae518b8a1a1af4ee176f2dca3392f
SHA512

0b735b07436ab2eb1e9ac3325f5b8a162525bc4153051c1164c7b941f72ae23519e1c03efb9b6e8b6579021f1f6ef8acadd15be0353cb962dce5b8eb04219bc4
SSDEEP

384:1jsdckYIToqAcFCt1Q+HtKg740mLZSJfqECI:GdnNo2g740mVSJ4I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab1dcc243ffdf49f1a80a2694d05c0b5

Files

ab1dcc243ffdf49f1a80a2694d05c0b5
.sys windows:5 windows x86 arch:x86

e98bb5972a327662d61aabff40c992fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WINDDK\2600\inject\objfre\i386\ahnurl.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
wcsstr
RtlUpcaseUnicodeString
RtlInitUnicodeString
ZwQueryInformationFile
ZwEnumerateKey
ZwEnumerateValueKey
MmGetSystemRoutineAddress
KeServiceDescriptorTable
ZwWriteFile
ZwClose
ZwReadFile
ZwCreateFile
wcscat
wcscpy
ExFreePoolWithTag
ZwDeleteFile
RtlQueryRegistryValues
KeDelayExecutionThread
PsCreateSystemThread
NtMapViewOfSection
ObfDereferenceObject
ZwAllocateVirtualMemory
ObReferenceObjectByHandle
MmSectionObjectType
memmove
ZwUnmapViewOfSection
_stricmp
ZwMapViewOfSection
PsGetCurrentProcessId
ZwOpenSection
wcslen
ZwOpenFile
ExAllocatePoolWithTag

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e98bb5972a327662d61aabff40c992fb

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 384B - Virtual size: 257B

.data Size: 12KB - Virtual size: 12KB

INIT Size: 1024B - Virtual size: 942B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 384B - Virtual size: 257B

.data
Size: 12KB - Virtual size: 12KB

INIT
Size: 1024B - Virtual size: 942B

.reloc
Size: 1KB - Virtual size: 1KB