bb8ad821715b481c4c664870671932f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb8ad821715b481c4c664870671932f3
Size

65KB
MD5

bb8ad821715b481c4c664870671932f3
SHA1

6b2a09b25ca70f0ff8663820aa74b4582011211f
SHA256

f77126aa2b1992c8f654a8b5d1a3d9024ba5307ac8ef653ff529aa60aadf693b
SHA512

07b33d6a4b61ed2cb24ff89abce216409e99b5ea82a4fdf2570ce23fa2530d7fafbe37e2e2d7f9237aae0d863133e17f911d349becdca193319249ee5bf6fc6e
SSDEEP

384:Am4u98x+Yl8g8QWD6GoivxKrQxmHs6PwEAIpv92EAbDuGd1ZdTlCVG1m/X7QAUgY:Adu4yuItoikAvfMGlf6S1uSF5w2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb8ad821715b481c4c664870671932f3

Files

bb8ad821715b481c4c664870671932f3
.sys windows:5 windows x86 arch:x86

6b880a1984a21c125b765ce7d622437b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ifsddk\src\bypass\bypass\i386\bypass.pdb

Imports

ntoskrnl.exe

MmIsAddressValid
KeServiceDescriptorTable
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
_strnicmp
KeDetachProcess
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
IoDeleteDevice
RtlInitUnicodeString
IofCompleteRequest
MmUserProbeAddress
NtBuildNumber
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
strstr
_strupr
strncpy
DbgPrint
memchr

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ