ad4dd102e8c7b2615e5223f179955bca

Sharing

Copy URL Twitter E-mail

General

Target

ad4dd102e8c7b2615e5223f179955bca
Size

767KB
MD5

ad4dd102e8c7b2615e5223f179955bca
SHA1

06bf788ec702e879093f78b94eb6fe7af2c0ca7d
SHA256

f843610b47175e0d866033eb03025bfbfe880c58c882aa9718fb4b3f8bda92b3
SHA512

397474649ca121813a2b3440bcbe977b5c123b13df3a882ea933996c238afacfae0642c73166970332a01c3117c8dc1475af55fc51c5aefa103fef6fe103b95d
SSDEEP

12288:g9X5t6ktgvt108ydWc2ZIb73OjwXf58RgHz3pKstf4JAXM77nidJcFM:g9v6ktc10Tp3yOWRgHzrtg28viUi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad4dd102e8c7b2615e5223f179955bca

Files

ad4dd102e8c7b2615e5223f179955bca
.sys windows:4 windows x86 arch:x86

a69d7f5e8d43a8d683b72f480c9f1f3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
KeEnterCriticalRegion
SeAuditingHardLinkEvents
IoSetIoCompletion
IoCreateController
IoUnregisterFsRegistrationChange
InbvSetTextColor
IoCreateDevice
ZwCreateKey
SeCaptureSubjectContext
CcMapData
RtlTimeToSecondsSince1970
KeEnterKernelDebugger
FsRtlNumberOfRunsInLargeMcb
RtlWriteRegistryValue
IoUpdateShareAccess
RtlAddAccessAllowedAce
ZwOpenTimer
RtlValidRelativeSecurityDescriptor
PfxInitialize
ExDesktopObjectType
RtlUpcaseUnicodeStringToCountedOemString
RtlDelete
Exfi386InterlockedDecrementLong
IoReadOperationCount
MmIsNonPagedSystemAddressValid
PoRegisterDeviceForIdleDetection
KeRemoveDeviceQueue
ZwDuplicateObject
MmGrowKernelStack
RtlLengthSecurityDescriptor
SeRegisterLogonSessionTerminatedRoutine
RtlGetDaclSecurityDescriptor
ZwDeleteFile
ExRaiseDatatypeMisalignment
IoWMIAllocateInstanceIds
WRITE_REGISTER_BUFFER_UCHAR
DbgBreakPointWithStatus
FsRtlFastCheckLockForWrite
KeInitializeQueue
IoFreeMdl
ObQueryNameString
RtlFindUnicodePrefix
SeAuditingFileOrGlobalEvents
RtlAnsiStringToUnicodeSize
ZwSetEaFile
PsSetProcessPriorityByClass
isdigit
wcscspn
FsRtlDoesNameContainWildCards
KeClearEvent
isspace
PsTerminateSystemThread
RtlClearAllBits
RtlLookupElementGenericTable
ZwConnectPort
RtlAppendUnicodeStringToString
IoFreeController
FsRtlMdlReadCompleteDev
InbvResetDisplay
DbgLoadImageSymbols
FsRtlPrepareMdlWrite
isxdigit
KeReleaseSemaphore
RtlConvertUlongToLargeInteger
IoDeleteDriver
ExInterlockedIncrementLong
PsGetCurrentThreadId
MmIsAddressValid
IoCreateSymbolicLink
strspn
FsRtlNormalizeNtstatus
KeInitializeEvent
RtlCopyRangeList
ZwCreateFile
ExReinitializeResourceLite
IoAllocateIrp
KeSetSystemAffinityThread
_wcsicmp
SeSystemDefaultDacl
KiAcquireSpinLock
RtlGetAce
IoDeleteDevice
KeRemoveQueue
IoAttachDeviceByPointer
RtlAbsoluteToSelfRelativeSD
KeQueryActiveProcessors
strstr

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a69d7f5e8d43a8d683b72f480c9f1f3f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 512B - Virtual size: 391B

.data Size: 11KB - Virtual size: 26KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 512B - Virtual size: 391B

.data
Size: 11KB - Virtual size: 26KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 402KB - Virtual size: 401KB