c5bed84f74f45aa2708d059e8b88bce2

General

Target

c5bed84f74f45aa2708d059e8b88bce2
Size

55KB
MD5

c5bed84f74f45aa2708d059e8b88bce2
SHA1

edc4c79e3605e3d33fbb05a4820edb0db1a82951
SHA256

3c17e619e7c3ba3e74e87702c90172c5fda452c254caf8f6a94966050dcc138a
SHA512

9bad610c6943d099e203dc6e730df96c75697c69025c225017ebc4a66d03ba2c10091cf0a28a6fd56b4e8e9ed11048c160a504bca24cfe55adbdbead0195095a
SSDEEP

768:84LZjANHPfVQCJ99CTuofZ8eQplroIYRZTP/SH3Kj/eN7ND591d8gmsumwdC2FF:84LZ8NvrNoIQg6+tX/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5bed84f74f45aa2708d059e8b88bce2

Files

c5bed84f74f45aa2708d059e8b88bce2
.sys windows:4 windows x86 arch:x86

85dd025682e877b2e85397b7f8c11630

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
PsCreateSystemThread
ZwClose
ZwSetValueKey
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
IofCompleteRequest
IoGetCurrentProcess
wcsncmp
wcslen
towlower
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
PsGetVersion
strncpy
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
_except_handler3
wcsstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
RtlCopyUnicodeString
_strnicmp
ZwDeleteValueKey

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 224B - Virtual size: 195B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85dd025682e877b2e85397b7f8c11630

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 224B - Virtual size: 195B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 224B - Virtual size: 195B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB