bfbb8199afce54ef4c0974355d8896ac

General

Target

bfbb8199afce54ef4c0974355d8896ac
Size

19KB
MD5

bfbb8199afce54ef4c0974355d8896ac
SHA1

e66cfb36b3c110f2fa3bd96f610db09fd92a8797
SHA256

515425c2d362fe26e66209af7a65563d37709ad38f8b421e10fd263dec5045c3
SHA512

19e8d9588cf9073a202d05c54d1cef824d1bf1f26a52279bcb1f4c973937a7b6409cd6ce3c9069ce9df152b6a787c5457b3df57de2880122bc128bb5ec5dc613
SSDEEP

384:LoL5ivShpHGFCwF2NQ8+PbrwpGN2kUOV2XBiaO302d5mCuQMxgW9+F1D22Ahfojn:LoL5jHGxsRmbqGNbUpRq302doCuQCgYQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfbb8199afce54ef4c0974355d8896ac

Files

bfbb8199afce54ef4c0974355d8896ac
.sys windows:4 windows x86 arch:x86

5cdf18ba13ec7b62ee89c7735f19cb3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
isprint
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
strchr
ZwCreateFile
IoRegisterDriverReinitialization
IofCompleteRequest
atol
tolower
IoGetCurrentProcess
strstr
wcsstr
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsncmp
towlower
toupper
isxdigit
isupper
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
strrchr
PsGetVersion
strncmp
strncpy
islower
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
srand
atoi
isdigit
isspace
_strnicmp

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 992B - Virtual size: 966B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cdf18ba13ec7b62ee89c7735f19cb3d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 992B - Virtual size: 966B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 992B - Virtual size: 966B