Static task: static1
Behavioral task: behavioral1
Sample: c99b74b18ab48034d269a9622d0eccb6.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c99b74b18ab48034d269a9622d0eccb6.dll
Resource: win10v2004-20240226-en
General
Target: c99b74b18ab48034d269a9622d0eccb6
Size: 10KB
MD5: c99b74b18ab48034d269a9622d0eccb6
SHA1: 0836163884d3fc2c06350944eaf489f22c89d7e3
SHA256: c31ca12a3fe088b28dd0949797ea2adf2ce14e629b960ee7d0a76fa3235cb084
SHA512: 6469455e16ed740364df1a1f09aec2a2c525b446d58d8934f4cc11ff64ab447af08fb237ed6800546f5dd158e749486f2c4f9fcf5f66b792bbd09c9f4682f72c
SSDEEP: 192:ltCBHlEzlIhPmpS3rDS85kAsVZxjBzWECl0sLwOSkTjuS8/jKZ:lt4q8m0hCfxjBzWbl/FTjZ8/j
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c99b74b18ab48034d269a9622d0eccb6
Files
c99b74b18ab48034d269a9622d0eccb6.dll windows:1 windows x86 arch:x86
2af65623e2fce359b4be0e93b28e19d3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
IoAttachDevice
ZwClose
NtQueryDirectoryFile
ZwQuerySystemInformation
MmMapLockedPages
ExFreePool
CcFlushCache
IofCompleteRequest
ObfReferenceObject
IoFreeIrp
memset
_stricmp
memcpy
ExAllocatePool
IofCallDriver
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 357B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 64B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ