bac07db800bcabccc90134cb5cbc4a74

Sharing

Copy URL

Twitter E-mail

General

Target

bac07db800bcabccc90134cb5cbc4a74
Size

40KB
MD5

bac07db800bcabccc90134cb5cbc4a74
SHA1

810f1fddcf3c540dfaa6dcb07947dbf33c527e75
SHA256

c5803a1bb303991bb5e84063a3f3a8c23f60877b16734f648adb6a37fcabd0e9
SHA512

e398bae5e1d80112e7c70970a783989e69b36d2fe685aff9b00df5a77e0d64942739d4704bba0275fe38ae2a7bd2c2366bcee8c72f1f7e9db839da52b31a8a21
SSDEEP

768:O5w3VBHjPB2wtrBG2jxLLV1H65+U4ZBh0iPR3D/RWPf972p2yuoWA9O1KEmzCzXV:O5w3VBbjtrB9jxLLV1Hk+tXKiNlWPlU6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bac07db800bcabccc90134cb5cbc4a74

Files

bac07db800bcabccc90134cb5cbc4a74
.sys windows:4 windows x86 arch:x86

70fb1a293785c03c29751eaf06ccfd78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsicmp
ZwClose
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
ZwOpenKey
RtlInitUnicodeString
wcsncpy
wcsrchr
wcslen
ZwCreateKey
swprintf
RtlCompareUnicodeString
_wcsnicmp
wcscat
wcscpy
ZwSetValueKey
KeDelayExecutionThread
KeQuerySystemTime
ZwSetInformationFile
ZwCreateFile
ZwQueryValueKey
IoDeviceObjectType
_except_handler3
KeTickCount
KeQueryTimeIncrement
_stricmp
IoRegisterDriverReinitialization
_snwprintf
wcschr
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ExAllocatePoolWithTag
PsCreateSystemThread
ExFreePool
_snprintf
wcsstr
_wcslwr
ZwDeleteKey
strncmp
IoGetCurrentProcess
PsGetVersion
PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70fb1a293785c03c29751eaf06ccfd78

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 64B - Virtual size: 53B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 64B - Virtual size: 53B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB