b923c6a1803d51a584a25c4c49d2143a

General

Target

b923c6a1803d51a584a25c4c49d2143a
Size

9KB
MD5

b923c6a1803d51a584a25c4c49d2143a
SHA1

f58c8258bfa1c2dc207c9647ef2d3722cdbba8cd
SHA256

7a71cd75a9a42a080c30c2c53f54028545361e1853fe855bebcd655b96f4fbf2
SHA512

b1c90425da04f69ba65a1a824c20136f2b9ea36773d7c0fb19f72019010f4a4cef879c7ab679a562be027d313ca23ade4016cdfdfe6d5e0130fdfbd890eaed04
SSDEEP

192:4FRTDD5lgGGGwNB/QBGWWovqnB09sevfqjOZ:4XTBiGGGYwvqnmvfXZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b923c6a1803d51a584a25c4c49d2143a

Files

b923c6a1803d51a584a25c4c49d2143a
.sys windows:5 windows x86 arch:x86

e811a858ccaa75da07495f5397667947

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WorkCode\搜索助手\百度搜索伴侣4\Release\i386\FBS5.pdb

Imports

ntoskrnl.exe

DbgPrint
ZwClose
ZwDeleteValueKey
ZwOpenKey
RtlInitUnicodeString
ZwSetValueKey
wcslen
swprintf
ExFreePoolWithTag
ZwEnumerateKey
wcscpy
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwQueryDirectoryFile
ZwCreateKey
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
ZwCreateFile
strstr
_strlwr
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 279B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 874B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e811a858ccaa75da07495f5397667947

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 384B - Virtual size: 279B

.data Size: 128B - Virtual size: 96B

INIT Size: 896B - Virtual size: 874B

.reloc Size: 512B - Virtual size: 454B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 384B - Virtual size: 279B

.data
Size: 128B - Virtual size: 96B

INIT
Size: 896B - Virtual size: 874B

.reloc
Size: 512B - Virtual size: 454B