b8f18525d4b2ec7ff9b1355257b89471

General

Target

b8f18525d4b2ec7ff9b1355257b89471
Size

749KB
MD5

b8f18525d4b2ec7ff9b1355257b89471
SHA1

7bed4fbbab56a50345db9f7b9cc92f1230ffd948
SHA256

1aa976ecb4f68887b4455d57abf61b886dd9100de5c7818a972ada792e449295
SHA512

0c0413bc6b6c25252398f58435d483d8d3ecde27d52f0edd45079cb1d3e045c0f09362a14852d9452f09339501bdadafa9f7009ad0e1c17a73d6741fd648e319
SSDEEP

12288:4/kSgNbnWlmAozNA1WZX5lvCnezC4Au7q4zYxKMZPjP6JXX8jSiyY92i54B:4/c5nWae1Avn9q4zYQnJXXWSq754B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8f18525d4b2ec7ff9b1355257b89471

Files

b8f18525d4b2ec7ff9b1355257b89471
.sys windows:4 windows x86 arch:x86

d10582cbf67ffdd52ad4de98c457f0f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapIoSpace
MmIsAddressValid
ExQueryPoolBlockSize
RtlAssert
PfxFindPrefix
IoCheckShareAccess
towlower
_except_handler2
NtDeviceIoControlFile
HalPrivateDispatchTable
KeReadStateMutant
NtSetQuotaInformationFile
KiReleaseSpinLock
MmMapViewInSessionSpace
KeInitializeQueue
CcGetFileObjectFromSectionPtrs
ExIsProcessorFeaturePresent
PfxInsertPrefix
InterlockedExchangeAdd
SeSetAccessStateGenericMapping
ZwSetSystemTime
ZwCreateSymbolicLinkObject
RtlUnwind
IoConnectInterrupt
RtlTimeToTimeFields
SePrivilegeCheck
IoReleaseCancelSpinLock
IoDeleteDevice
KeRemoveQueueDpc
ObQueryNameString
KeInitializeTimer
FsRtlIsFatDbcsLegal
strrchr
IoCreateStreamFileObjectLite
MmAllocateNonCachedMemory
strcmp
ZwTerminateProcess
ZwOpenEvent
IoGetBaseFileSystemDeviceObject
IoGetCurrentProcess
CcZeroData
ZwQueryInstallUILanguage
CcMdlReadComplete
ZwOpenTimer
wcschr
CcDeferWrite
ExSemaphoreObjectType
RtlUnicodeStringToOemSize
IoBuildAsynchronousFsdRequest

Sections

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d10582cbf67ffdd52ad4de98c457f0f7

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 343KB - Virtual size: 342KB

.rdata Size: 512B - Virtual size: 292B

.data Size: 9KB - Virtual size: 22KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 393KB - Virtual size: 393KB

.text
Size: 343KB - Virtual size: 342KB

.rdata
Size: 512B - Virtual size: 292B

.data
Size: 9KB - Virtual size: 22KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 393KB - Virtual size: 393KB