c668085bbe3df190d4052af30403e14f

General

Target

c668085bbe3df190d4052af30403e14f
Size

36KB
MD5

c668085bbe3df190d4052af30403e14f
SHA1

ac5f36be32d58abe6fe4d6dda5cde9fdd7fcecac
SHA256

3e054dd21252a57e43e6f52574a0a30ec5100dbeeb3ce77b1a693e9291758757
SHA512

7f2df636a0f88ca73e166cef19b4d54d491d2d84c6a0d4a19ec6272d992638e05508bb2a919f59d2bfd1f5a467a18c4bbe9dbbf214fa99fe43f4ed0129e890de
SSDEEP

768:2l41PU1FWSaWUw8s5sPY0MQuVJlTrR8nnbcuyD7UfqMHV:cUU7PaWEsCvMQu5/Knnouy8fqMHV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c668085bbe3df190d4052af30403e14f

Files

c668085bbe3df190d4052af30403e14f
.sys windows:5 windows x86 arch:x86

8612db68eeba68a56df43ab8aa0f4a2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\winddk\3790.1830\hggg\objfre_wxp_x86\i386\HGGG.pdb

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitUnicodeString
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
IoDeleteDevice
IoDeleteSymbolicLink
_stricmp
strrchr
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
ObfDereferenceObject
IoDriverObjectType
ZwClose
ZwReadFile
MmIsAddressValid
IoCreateFile
KeWaitForSingleObject
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
KdDisableDebugger
IofCompleteRequest
ObReferenceObjectByHandle
IoFileObjectType
_allmul
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
KeTickCount
KeBugCheckEx
ZwQueryInformationFile
IoGetCurrentProcess

hal

KeStallExecutionProcessor

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8612db68eeba68a56df43ab8aa0f4a2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 896B - Virtual size: 822B

.data Size: 27KB - Virtual size: 27KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 518B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 896B - Virtual size: 822B

.data
Size: 27KB - Virtual size: 27KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 518B