b4cbb4ba390506270d12156f698e7d2b

General

Target

b4cbb4ba390506270d12156f698e7d2b
Size

8KB
MD5

b4cbb4ba390506270d12156f698e7d2b
SHA1

80b9126c580487456c161d1e1e1c7fb675baab37
SHA256

f4ca7426ddcb770fb16228e2e46cbe13add1e32648f9cba237e6331b60fa949f
SHA512

8000202cfd2617f89aec15aea8217b2ed0bab4b4e981bd3122523d5473f9ae8ef5406999ac753ba7d415e6bd00042ed96260d2436439b7d8fcd365426f031889
SSDEEP

192:XDRuCZzihk4k5i7TVvWIx/JWMlWb8/XC9Ec6m9F:1ViK4xBlK8/u6mb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4cbb4ba390506270d12156f698e7d2b

Files

b4cbb4ba390506270d12156f698e7d2b
.sys windows:5 windows x86 arch:x86

3cd13e324cb64777d18ddfb109b74bea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncat
ExAllocatePoolWithTag
ZwQuerySystemInformation
_stricmp
IoGetCurrentProcess
ZwClose
ZwUnmapViewOfSection
strncmp
PsGetVersion
strncpy
DbgPrint
ObfDereferenceObject
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ExFreePool
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
wcscmp
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
wcslen
RtlInitUnicodeString
_except_handler3
RtlCompareMemory

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cd13e324cb64777d18ddfb109b74bea

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 564B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 564B