c849b522906500b9b34696ff31a910aa

General

Target

c849b522906500b9b34696ff31a910aa
Size

73KB
MD5

c849b522906500b9b34696ff31a910aa
SHA1

0f0f7c01b00a88be19d31e8d108e49655801f681
SHA256

5c486f32af9e49ee171706c7723a75148a449c8a5c423582cc36db5a7b81291c
SHA512

33a728d10173115e39c68135b612e88e67c1d6ab7a2841b5ae562280c190142b6fb6f051c563fefa26100f0794c3cda799c5197019b73c6332bdda94a23df43d
SSDEEP

1536:yV7adaJfZf+SvLm8ZutqLDxP0iLMJULIX3NLUy865ZiLUJOAe:6xvLm0VxPZLZW+9BIwA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c849b522906500b9b34696ff31a910aa

Files

c849b522906500b9b34696ff31a910aa
.sys windows:5 windows x86 arch:x86

2bbbe76324cb5d407d68793319d157d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jk\objfre_wxp_x86\i386\jk.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
wcscmp
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
PsLookupProcessByProcessId
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
_except_handler3
MmGetSystemRoutineAddress
RtlInitUnicodeString
KeWaitForSingleObject
PsGetCurrentProcessId
strstr
DbgPrint
wcsstr
PsRemoveLoadImageNotifyRoutine
KeInitializeEvent
PsSetLoadImageNotifyRoutine
KeTickCount
KeBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 702B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.woozle0
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.woozle1
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bbbe76324cb5d407d68793319d157d5

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 420B

.data Size: 768B - Virtual size: 692B

INIT Size: 768B - Virtual size: 702B

.woozle0 Size: 512B - Virtual size: 482B

.woozle1 Size: 63KB - Virtual size: 63KB

.reloc Size: 512B - Virtual size: 432B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 768B - Virtual size: 692B

INIT
Size: 768B - Virtual size: 702B

.woozle0
Size: 512B - Virtual size: 482B

.woozle1
Size: 63KB - Virtual size: 63KB

.reloc
Size: 512B - Virtual size: 432B