ac4ae36d0caa30703b7c1d4e42b6f569

General

Target

ac4ae36d0caa30703b7c1d4e42b6f569
Size

8KB
MD5

ac4ae36d0caa30703b7c1d4e42b6f569
SHA1

3b8d6539d37556c0e45da346118598082566c445
SHA256

a3bf07834c6b7d0bf40f6ad166d7ed7870a688642ea65cb7f0b6fecc15bef6e4
SHA512

a60f4a8c337a62aedc7e222ea44ee8d3dab19f0fca08d37c686e16d9b6f714dc249a92ad14d4432e915c0ff5cd06be9aeb821acc96fd07781cb5ddb9bf9042fa
SSDEEP

192:63fXawahsjs9Np6/7Nt0W9XoryGEDUbTTF7:cXkhsI4+SDUbV7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac4ae36d0caa30703b7c1d4e42b6f569

Files

ac4ae36d0caa30703b7c1d4e42b6f569
.sys windows:5 windows x86 arch:x86

77044a7c18a908a6213679dbd84297ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\c_inst~1\(最终~1\(最终~1\BIN\i386\Keyboardlogger.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
KeReleaseSemaphore
KeSetTimer
KeWaitForSingleObject
KeInitializeTimer
IoDetachDevice
IoCreateSymbolicLink
KeInitializeSemaphore
KeInitializeSpinLock
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoCreateNotificationEvent
ExfInterlockedRemoveHeadList
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlFreeUnicodeString
IoAttachDevice
IoCreateDevice
ExfInterlockedInsertTailList
ExAllocatePoolWithTag
KeTickCount
KeBugCheckEx
KeClearEvent
IofCompleteRequest
PsTerminateSystemThread
IofCallDriver

hal

READ_PORT_UCHAR
KeStallExecutionProcessor
WRITE_PORT_UCHAR

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77044a7c18a908a6213679dbd84297ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 256B

.data Size: 512B - Virtual size: 460B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 334B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 256B

.data
Size: 512B - Virtual size: 460B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 334B