c9a75865b7195424c5fd4fd2342843ec

General

Target

c9a75865b7195424c5fd4fd2342843ec
Size

5KB
MD5

c9a75865b7195424c5fd4fd2342843ec
SHA1

65eace9a9bad27e1a3ddf3d2415006b4f0115890
SHA256

f5d364ae74c68de230a1cce4f7d613a44a9ecbe67c6f5e3e148b360060274ea3
SHA512

7b697a4554ad1d7ede2ca85e4289dd2ff031bc12e0c30b8ba5c2ade92f4ba671fca36f393e792e760c0b74469ba1b246faa8cd6072ec6ffc9a590a43aa15368b
SSDEEP

96:txwz8juEwcJoZgbK9JmktwB22OOC2/j5X2kmdNofzgl9ZO7p:UEToCK3t222OO1IkmILg/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9a75865b7195424c5fd4fd2342843ec

Files

c9a75865b7195424c5fd4fd2342843ec
.sys windows:4 windows x86 arch:x86

508b302c4dce1c22628e50883232f1b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceObjectPointer
ObDereferenceObject
ObReferenceObjectByName
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwAccessCheckAndAuditAlarm
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwClearEvent
ZwClose
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
IoGetCurrentProcess
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwOpenKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwSetValueKey
ZwTerminateProcess
ZwYieldExecution
KeServiceDescriptorTable
IoDriverObjectType
IoCallDriver
ZwDeleteFile
IoBuildDeviceIoControlRequest

ndis.sys

NdisRegisterProtocol
NdisDeregisterProtocol

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 448B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

508b302c4dce1c22628e50883232f1b7

Headers

File Characteristics

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 320B - Virtual size: 316B

.data Size: 288B - Virtual size: 260B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 448B - Virtual size: 424B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 320B - Virtual size: 316B

.data
Size: 288B - Virtual size: 260B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 448B - Virtual size: 424B