b80284b0e3e42bbe541e76a02d06a6af

Sharing

Copy URL Twitter E-mail

General

Target

b80284b0e3e42bbe541e76a02d06a6af
Size

44KB
MD5

b80284b0e3e42bbe541e76a02d06a6af
SHA1

d424c583dd41c3db8585dfd9419ccc11408227d8
SHA256

e8870bc38fce4cccb7c4e4c27f464ac35dd3d3c917737852605a6fac99f71d57
SHA512

6be462798a46bc836c49bbae98cbf9472938de4fb5c0b62b535893fd59546b08959d4476aa82dfbc220a620d9e95849b680679b8a9a66741bc9641c3f8f9a9ba
SSDEEP

768:6ZVEoG91Piq927pQuQyn1fnWCYH75IU3X+N9wf4RWooj:2Wo97pT1fWdH9IeX+Lb+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b80284b0e3e42bbe541e76a02d06a6af

Files

b80284b0e3e42bbe541e76a02d06a6af
.dll windows:5 windows x86 arch:x86

736b35a6e6066906a7b650a030270899

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\rEfe\voix\rlcuiik\WiWkfmt.pdb

Imports

ntoskrnl.exe

SeValidSecurityDescriptor
ZwOpenSymbolicLinkObject
IoCreateSynchronizationEvent
ExReinitializeResourceLite
ExGetPreviousMode
IoGetDriverObjectExtension
KeUnstackDetachProcess
CcUnpinDataForThread
PsGetCurrentProcess
RtlCharToInteger
FsRtlFastCheckLockForRead
PoSetSystemState
RtlAnsiStringToUnicodeString
KeSaveFloatingPointState
RtlCheckRegistryKey
RtlSecondsSince1970ToTime
ExUnregisterCallback
IoGetBootDiskInformation
RtlSubAuthoritySid
ExGetSharedWaiterCount

Exports

Exports

?ktRcaYkyjuurAj@@YGPAXM@Z

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

736b35a6e6066906a7b650a030270899

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 668B

.edata Size: 512B - Virtual size: 93B

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

INIT Size: 9KB - Virtual size: 9KB

INIT Size: 512B - Virtual size: 454B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 668B

.edata
Size: 512B - Virtual size: 93B

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

INIT
Size: 9KB - Virtual size: 9KB

INIT
Size: 512B - Virtual size: 454B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 1KB