c0e7db04039a152a0191ba421360e0d5

General

Target

c0e7db04039a152a0191ba421360e0d5
Size

8KB
MD5

c0e7db04039a152a0191ba421360e0d5
SHA1

4efa919ddd696d606c051e893921cbad26317985
SHA256

0e0012a3d9e41f80efdedf4a19682f0c03d40905d04c19a01f899cd0ebec1728
SHA512

d4b061fd69cdc0a45401468b98fc0b2277b36eebcb4ca92740cf6ead25203aea27fe21d0b68e2a057447045b2914d8c1c43382550644163d5170b7125d6efff0
SSDEEP

192:PpZg9aE7yytd6EOK3yhwM/6NQ61ZfAOPBIVHPXwC6t+Q:PpuaP17/6NQ6ffBPB2bC+Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0e7db04039a152a0191ba421360e0d5

Files

c0e7db04039a152a0191ba421360e0d5
.sys windows:5 windows x86 arch:x86

a11620af82c1b752a745216f70650f07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ExAllocatePoolWithTag
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
wcscmp
_except_handler3
ExFreePool
strncat
ZwQuerySystemInformation
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
_stricmp
IoGetCurrentProcess
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwUnmapViewOfSection
strncpy
ObfDereferenceObject
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
strncmp
IoDeleteSymbolicLink
PsGetVersion
wcslen
RtlInitUnicodeString
IoDeleteDevice
RtlCompareMemory

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 554B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a11620af82c1b752a745216f70650f07

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 554B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 554B