be568d357463eb01a0bad4d4404bf1a9

General

Target

be568d357463eb01a0bad4d4404bf1a9
Size

22KB
MD5

be568d357463eb01a0bad4d4404bf1a9
SHA1

5302dadedd8e2a24a4d84972dadb29f3c509ff9e
SHA256

cabcd11d1d5f0288b9bba7937755bbba566555d59fa4d6e54396b965fc9275dc
SHA512

54509198fa799328227a9b82c38c7f56105b49ae2dfb64b4f6e225ada9b46022c82784e5f54cf8a95041de39e72c9c5f1488e58ef90f5b6266df5c706c90c334
SSDEEP

384:0iUtgU69UJaL6xqKd7wfhrwki5IpYLjMjhjFspPCpBqv80+UVX:RhU4LoqK4m2aMjhjqPEBqv80+UVX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be568d357463eb01a0bad4d4404bf1a9

Files

be568d357463eb01a0bad4d4404bf1a9
.sys windows:4 windows x86 arch:x86

ea50def38502af2c3ddf10ef1b23561a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memset
DbgPrint
ExInitializePagedLookasideList
NtSetQuotaInformationFile
KeIsExecutingDpc
ExAllocatePool
IoAttachDeviceToDeviceStack
ZwQueryInformationProcess
ExInterlockedAddLargeInteger
MmUnmapViewOfSection
FsRtlCopyWrite
RtlLookupElementGenericTableFull
ZwQueryDefaultLocale
CcPrepareMdlWrite
ZwLoadKey
mbtowc
PsGetVersion
KeReleaseMutex
KefReleaseSpinLockFromDpcLevel
wcsncmp
_wcsicmp
RtlDeleteRange
CcSetLogHandleForFile
ZwDeleteValueKey
ExFreePool
KeAcquireSpinLockAtDpcLevel
ExInterlockedInsertTailList
ZwDeleteKey
ZwQueryInformationFile
FsRtlUninitializeLargeMcb

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.bac
Size: 512B - Virtual size: 260B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cab
Size: 512B - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea50def38502af2c3ddf10ef1b23561a

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

ILIT Size: 1024B - Virtual size: 614B

.bac Size: 512B - Virtual size: 260B

.cab Size: 512B - Virtual size: 52B

.data Size: 512B - Virtual size: 340B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

ILIT
Size: 1024B - Virtual size: 614B

.bac
Size: 512B - Virtual size: 260B

.cab
Size: 512B - Virtual size: 52B

.data
Size: 512B - Virtual size: 340B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 32B