c796dfe3fa2e934b526a577d4ba19d7d

General

Target

c796dfe3fa2e934b526a577d4ba19d7d
Size

54KB
MD5

c796dfe3fa2e934b526a577d4ba19d7d
SHA1

d5e98f0d38726224c5ad45b0a807e1f569e45aa2
SHA256

3fa20874650fa743ac3ea7d8af1b880b617c37047fecc44ab0f556870afaa3cb
SHA512

115cfd3771c453f0bd152551f8e6c6cd53fb9ed7cba7a7abb03caec7bd1b3943aa41d152734e0f6a534eb277d48bbcae9ddca5837201a53dcfff35803216d3a7
SSDEEP

768:AVdNZJlAnJunPXkdRBEfe492JwYMVO7y6cNHhYG/j:gdlAnkvARBEfBgJwYQO7y6cH/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c796dfe3fa2e934b526a577d4ba19d7d

Files

c796dfe3fa2e934b526a577d4ba19d7d
.sys windows:4 windows x86 arch:x86

ad7300b11912167c612ad1cda7fae3bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
IofCompleteRequest
_strnicmp
ZwQueryValueKey
ZwOpenKey
_except_handler3
strncmp
strncpy
KeDelayExecutionThread
PsCreateSystemThread
wcscpy
ZwEnumerateKey
wcscat
wcsncmp
towlower
RtlCopyUnicodeString
wcsstr
ZwDeleteValueKey

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7300b11912167c612ad1cda7fae3bd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 320B - Virtual size: 308B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 320B - Virtual size: 308B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB