b9fec61c2e7fcddc93fbe9254d042634

General

Target

b9fec61c2e7fcddc93fbe9254d042634
Size

11KB
MD5

b9fec61c2e7fcddc93fbe9254d042634
SHA1

3c31e69c624c35183d03dc7d15a7907c70a451b0
SHA256

71d1ebf679278d889a22fdf762588628fc95209953c8994af1e3902239581a9d
SHA512

aa53d796644b44e64cf214e8acb113a64b845f95bee9dbb68a7c9cd57593bca05eaa6f7363d9d9f1602e5c0667ae1575a761bc0a1474fbd1ad520d63a1cd259f
SSDEEP

96:aaZ6LwH6BaE8IDOUoXfaQPOqAK79GJTt3ulXD2G5XFzp4FI6CyfygFK0hZFxebG/:mkAULU+ZP9gmXD2sD4OTkZF7Y3/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9fec61c2e7fcddc93fbe9254d042634

Files

b9fec61c2e7fcddc93fbe9254d042634
.sys windows:5 windows x86 arch:x86

6a9e4ac65f3d6f4b60f1a4fa6dd1559a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\user32\release\sys\objfre_w2K_x86\i386\hook.pdb

Imports

ntoskrnl.exe

IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
KeInitializeSpinLock
MmMapLockedPages
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeIrp
KeSetEvent
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
KeWaitForSingleObject
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
ZwQuerySystemInformation
ObReferenceObjectByHandle
IoFileObjectType
IoCreateFile
_wcsicmp
ObfReferenceObject
_allmul
ZwReadFile
ZwSetInformationFile
ZwCreateFile
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
_stricmp
ZwClose
ExFreePool

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a9e4ac65f3d6f4b60f1a4fa6dd1559a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 256B - Virtual size: 168B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 488B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 256B - Virtual size: 168B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 488B