b48aec8a7ffd27ec5e71afb163fbdec0

General

Target

b48aec8a7ffd27ec5e71afb163fbdec0
Size

746KB
MD5

b48aec8a7ffd27ec5e71afb163fbdec0
SHA1

c46c1a8145ed7e84281f3e66383d9691603cdc23
SHA256

fd840a849059091204ce4228cadd69fc4b87f55da3ab7d4c897a6e5ad815d4b3
SHA512

5415fd2628af45e4db699ec14173724048d4124174d5a3985054cbb3148c290f331ba673f04b6994b6e3863339691b3b4f5236b34cc85757b6577389b31a3b10
SSDEEP

12288:qeqbbcbTw8j6BuF4ZvIOTF6nL40+nmJxqS6knn/T99YTXtHici:q9bSwGguF4ZQGP0+SqEnnr/YTdC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b48aec8a7ffd27ec5e71afb163fbdec0

Files

b48aec8a7ffd27ec5e71afb163fbdec0
.sys windows:4 windows x86 arch:x86

6e3560d060a71bec67b86e43fb31c63f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
RtlCompareMemory
IoCreateDevice
ZwQueryValueKey
IoFreeIrp
PoStartNextPowerIrp
RtlFreeUnicodeString
IoAllocateIrp
MmMapLockedPagesSpecifyCache
ZwOpenKey
RtlQueryRegistryValues
ExFreePool
KeInitializeTimer
IoWMIRegistrationControl
KeClearEvent
IoSetDeviceInterfaceState
PoSetPowerState
PoRequestPowerIrp
MmBuildMdlForNonPagedPool
IoReleaseCancelSpinLock
RtlAnsiStringToUnicodeString
IoDeleteSymbolicLink
KeResetEvent
MmMapIoSpace
ZwCreateKey
KeReleaseMutex
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
KeSetTimerEx
MmUnlockPages
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ExFreePoolWithTag
_snprintf
RtlInitUnicodeString

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 970B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e3560d060a71bec67b86e43fb31c63f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 312KB - Virtual size: 311KB

.rdata Size: 512B - Virtual size: 189B

.data Size: 16KB - Virtual size: 15KB

INIT Size: 1024B - Virtual size: 970B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 414KB - Virtual size: 413KB

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 512B - Virtual size: 189B

.data
Size: 16KB - Virtual size: 15KB

INIT
Size: 1024B - Virtual size: 970B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 414KB - Virtual size: 413KB