c8871028cd4887b97838de6c553af743

Sharing

Copy URL Twitter E-mail

General

Target

c8871028cd4887b97838de6c553af743
Size

44KB
MD5

c8871028cd4887b97838de6c553af743
SHA1

b01550edfac0c27c911b9c33b58a65c423bfbee2
SHA256

71fa3b8e3b3e2789c061a7020a3457d5862ab725c116f82beeff2a00704eb990
SHA512

6c450d87b3d0d2742b9e9a91b71a0ec1103781fa2ab6b31ba4ed0ac93fef9b2d1391c642e5224776eba311daea2848513df6af92b8d1333fed2120b8334c65c9
SSDEEP

768:Vg0eTSB7VlBADLRBzJTCZ7n+nImaZ4U79qwrVF9/H:q0gSFVMfzJTCN+nI9Zcw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8871028cd4887b97838de6c553af743

Files

c8871028cd4887b97838de6c553af743
.dll windows:5 windows x86 arch:x86

5f05d3224f379731517f20a51d28b420

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\pJgzzif\NyXn\uMrdpBja\mcHtjeZ.pdb

Imports

ntoskrnl.exe

RtlAppendStringToString
ExSetResourceOwnerPointer
MmFreeContiguousMemory
RtlxAnsiStringToUnicodeSize
RtlSetAllBits
ExFreePool
PsGetCurrentProcessId
KeSetPriorityThread
PsLookupThreadByThreadId
IoGetAttachedDevice
RtlInitializeBitMap
RtlDowncaseUnicodeString
RtlCompareUnicodeString
SeTokenIsAdmin
KeClearEvent
RtlFreeAnsiString
KeBugCheckEx
ExNotifyCallback
IoFreeMdl
KeQueryActiveProcessors
KeRemoveQueue
ObGetObjectSecurity
IoGetAttachedDeviceReference
ZwFreeVirtualMemory
ExGetExclusiveWaiterCount
RtlCharToInteger
IoRegisterDeviceInterface
KeSetKernelStackSwapEnable
RtlInitAnsiString

Exports

Exports

?eMpxDKaiskLPjzrola@@YGPAMPAND@Z
?aMLJwcRqfu@@YGPA_NF@Z
?rjwhqiarivgcRodPAdKm@@YGMPAMN@Z

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f05d3224f379731517f20a51d28b420

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 868B

.edata Size: 512B - Virtual size: 176B

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

INIT Size: 9KB - Virtual size: 9KB

INIT Size: 512B - Virtual size: 454B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 868B

.edata
Size: 512B - Virtual size: 176B

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

INIT
Size: 9KB - Virtual size: 9KB

INIT
Size: 512B - Virtual size: 454B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 1KB