c476ca3e768aec2aa390e7c2d2bd8f3b

General

Target

c476ca3e768aec2aa390e7c2d2bd8f3b
Size

22KB
MD5

c476ca3e768aec2aa390e7c2d2bd8f3b
SHA1

996bb15a336b4fca3aa6ca98bb30c097147f1e74
SHA256

dde27292b2c1303e58e58c88b0c9d88fef49234dc46b627d5803dea27f707f10
SHA512

16fd96f084b8b55dd29ca67dae30c69a4f9f866447523a6a9568d6121940692d4bd70719c164fd165c9908a4ac971a13bd46fb326a24ecdc780f44d92f13cdd0
SSDEEP

384:Zs3ht1dCnzTdfxjHCohUChgU4oml4qqxTJM+FejGBlyRcRI6k:ZCCTHCoThghomlvqxdMaeel/I6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c476ca3e768aec2aa390e7c2d2bd8f3b

Files

c476ca3e768aec2aa390e7c2d2bd8f3b
.sys windows:4 windows x86 arch:x86

e29e2a4f93606cf5de579e0a49b9172b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsicmp
ExInterlockedAddLargeInteger
FsRtlUninitializeLargeMcb
CcSetLogHandleForFile
ExAllocatePool
RtlDeleteRange
ExInterlockedInsertTailList
RtlLookupElementGenericTableFull
KeQuerySystemTime
ZwQueryDefaultUILanguage
IoAttachDeviceToDeviceStack
mbtowc
wcsncmp
PsGetVersion
ZwQueryInformationProcess
KeIsExecutingDpc
CcPrepareMdlWrite
KefReleaseSpinLockFromDpcLevel
ZwQueryDefaultLocale
KeAcquireSpinLockAtDpcLevel
ExFreePool
MmUnmapViewOfSection
FsRtlCopyWrite
KeReleaseMutex
ExInitializePagedLookasideList
ZwDeleteKey
NtSetQuotaInformationFile
ZwDeleteValueKey

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.bac
Size: 512B - Virtual size: 260B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cab
Size: 512B - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e29e2a4f93606cf5de579e0a49b9172b

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

ILIT Size: 1024B - Virtual size: 614B

.bac Size: 512B - Virtual size: 260B

.cab Size: 512B - Virtual size: 52B

.data Size: 512B - Virtual size: 336B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

ILIT
Size: 1024B - Virtual size: 614B

.bac
Size: 512B - Virtual size: 260B

.cab
Size: 512B - Virtual size: 52B

.data
Size: 512B - Virtual size: 336B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 32B