adc34ea4a6686e196cec56ae1eb9f449

Sharing

Copy URL

Twitter E-mail

General

Target

adc34ea4a6686e196cec56ae1eb9f449
Size

40KB
MD5

adc34ea4a6686e196cec56ae1eb9f449
SHA1

ce17d5b74df580adc0219f95e42e4e62c4b2d726
SHA256

f67fe007523f7ffbefb631758bbdb3e938441e7460479948b8cb1e179ad86ed7
SHA512

d0bee0d030da842d7213404dff8b80d330df97adf112ac8d74ecf1132903c816a4e0ee272b8b8073536a6ed5a3f9d3568766f9f55351f008adc390c8ce6188b8
SSDEEP

768:RfRCCG/ZN284yyzjmN2r9RzPRIbXeZBgo1iUYQy8V13:RfRCC+ZN2Pyyz6NwbDubBo1izZW1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adc34ea4a6686e196cec56ae1eb9f449

Files

adc34ea4a6686e196cec56ae1eb9f449
.sys windows:4 windows x86 arch:x86

a9fa77b124e89879cf86d68fa9f17054

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetValueKey
ObReferenceObjectByHandle
wcslen
swprintf
wcscat
wcscpy
RtlInitUnicodeString
_stricmp
wcsstr
_wcslwr
ZwClose
ZwOpenKey
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
RtlCompareUnicodeString
KeQuerySystemTime
_snwprintf
wcschr
_wcsnicmp
ObfDereferenceObject
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateFile
KeTickCount
KeQueryTimeIncrement
PsSetCreateProcessNotifyRoutine
ZwSetInformationFile
IoRegisterDriverReinitialization
IofCompleteRequest
strncmp
strncpy
PsLookupProcessByProcessId
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwCreateKey
KeDelayExecutionThread
RtlCopyUnicodeString
MmGetSystemRoutineAddress
_except_handler3
ZwDeleteKey
wcsrchr
_wcsicmp
RtlAnsiStringToUnicodeString
IoDeviceObjectType

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECODE
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 65B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9fa77b124e89879cf86d68fa9f17054

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 8B

PAGECODE Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 65B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 8B

PAGECODE
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 65B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB