c6f999b45255bd92b3cc0030b91f8e45

General

Target

c6f999b45255bd92b3cc0030b91f8e45
Size

447KB
MD5

c6f999b45255bd92b3cc0030b91f8e45
SHA1

ce4cf1743e17bd091bf1a26ef0d663d94de1beaf
SHA256

17b9caff9c10714de3f70d322329a3d925cbe130d1fed686fb2ca62332f15cc9
SHA512

c5430be6b9ff1904443d5946d6dd7327a219d3f60fc74db5ef48141090a6f47ad7391fcd3bb42b5535fd3deef321a3b04dc79f5e64ccd4da41587c4bd0156707
SSDEEP

6144:KnQ8bhJZNy2eOzCq6TCeM9ciR9PJxsF3uIjq1kiWkO/cVUjM3jDVTrHK3E488CWv:Suv2qCeM9ciRJJSF3uIMvCkrZrquXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6f999b45255bd92b3cc0030b91f8e45

Files

c6f999b45255bd92b3cc0030b91f8e45
.dll windows:5 windows x86 arch:x86

bc35e8a0c76a1a6d03f37ad2b0fff77f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\upIiZyefSjlc\zoXspen\mgNdaaKjggl\vMqXtwrjbu.pdb

Imports

ntoskrnl.exe

RtlVerifyVersionInfo
RtlxAnsiStringToUnicodeSize
RtlInitString
IoFreeController
RtlCompareMemory
PoSetSystemState
FsRtlSplitLargeMcb
FsRtlIsHpfsDbcsLegal
RtlEqualUnicodeString
RtlSetDaclSecurityDescriptor
KePulseEvent
KeReadStateTimer
RtlInitUnicodeString
KeInitializeTimer
MmIsDriverVerifying
KeWaitForSingleObject
RtlInitAnsiString
ZwOpenKey
RtlHashUnicodeString
ZwCreateDirectoryObject
MmAllocateNonCachedMemory
IoGetAttachedDeviceReference
IoInitializeIrp
RtlUnicodeToMultiByteN
RtlEqualString

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc35e8a0c76a1a6d03f37ad2b0fff77f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

.itext Size: 512B - Virtual size: 104B

.code Size: 512B - Virtual size: 192B

.icode Size: 512B - Virtual size: 192B

.data Size: 12KB - Virtual size: 12KB

.fdata Size: 512B - Virtual size: 318B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 672B

.text
Size: 14KB - Virtual size: 14KB

.itext
Size: 512B - Virtual size: 104B

.code
Size: 512B - Virtual size: 192B

.icode
Size: 512B - Virtual size: 192B

.data
Size: 12KB - Virtual size: 12KB

.fdata
Size: 512B - Virtual size: 318B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 672B