be78416e41eafd49725eb8831ee4ce96

General

Target

be78416e41eafd49725eb8831ee4ce96
Size

38KB
MD5

be78416e41eafd49725eb8831ee4ce96
SHA1

f0dcaf94e08093e7975829b38c51d704f96ff2a4
SHA256

ddeea492d4db113ebbf776669ec4435481ebccc7c29dd342155a8bf164690aba
SHA512

1282e4e4fc165e5123070ce614415216a9973df0807fa9ae7a68653f7f52416bc356eec6e3e2468beb993258866b3ce895c339725aa5b8d41d8c8acc8fa7a514
SSDEEP

768:F+HwDhAcvxFdwhnkfpXjXR7XJHflTOySdgDWFBsxe7BtijWl:Yhcv/qE9jX9pc1gAss7Pw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be78416e41eafd49725eb8831ee4ce96

Files

be78416e41eafd49725eb8831ee4ce96
.sys windows:4 windows x86 arch:x86

0915d9b23f17d95cb2c99d8e688c5039

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
_stricmp
PsSetCreateProcessNotifyRoutine
ZwClose
ZwDeleteKey
swprintf
ZwQueryValueKey
ZwSetInformationFile
ZwCreateFile
wcslen
wcscpy
RtlCompareUnicodeString
KeQuerySystemTime
IofCompleteRequest
ZwSetValueKey
ZwCreateKey
IoRegisterDriverReinitialization
_wcsnicmp
KeDelayExecutionThread
ObReferenceObjectByHandle
wcsstr
_wcslwr
MmIsAddressValid
ZwOpenKey
RtlCopyUnicodeString
_wcsicmp
wcsncpy
wcsrchr
_except_handler3
ObfDereferenceObject
_snwprintf
wcschr
wcscat
MmGetSystemRoutineAddress
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
strncmp
IoDeviceObjectType
strncpy
PsLookupProcessByProcessId
IoGetCurrentProcess
PsCreateSystemThread

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 82B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0915d9b23f17d95cb2c99d8e688c5039

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 5B

PAGE Size: 96B - Virtual size: 82B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 5B

PAGE
Size: 96B - Virtual size: 82B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB