ca10ff7d2d66a2a35f94acfe724e663f

Sharing

Copy URL Twitter E-mail

General

Target

ca10ff7d2d66a2a35f94acfe724e663f
Size

572KB
MD5

ca10ff7d2d66a2a35f94acfe724e663f
SHA1

096c2f726d511fe476ae099ab5a2350e3c34e1a4
SHA256

7984a504f0d023ae0cde4578417f198390982d11e6a6e4e527886385c7bfd9ac
SHA512

9c6c241bbd2d842c9e03a1c2bf980bc8187c9c259474286ebdcc1fd0110bec42b1984a1df5ed6b02ea3d92e8ad26fa457f1d3dfadc944a049a58d04e54c9c7f3
SSDEEP

12288:FOgIkndmbGpBGe6bcINj0T57+KUWINBqgGGnT7IY:FHIkndmb+Ge6bcINj0T57+/Wqj/IY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca10ff7d2d66a2a35f94acfe724e663f

Files

ca10ff7d2d66a2a35f94acfe724e663f
.sys windows:5 windows x86 arch:x86

6459a3b0dfc86d5f8b28b852bf31b581

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memset
ExAllocatePoolWithTag
ObQueryNameString
RtlAssert
ZwClose
ObReferenceObjectByHandle
IoFileObjectType
IoCreateFileSpecifyDeviceObjectHint
IofCompleteRequest
ObfDereferenceObject
RtlCompareMemory
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
KeInitializeEvent
KeGetCurrentThread
IoFreeIrp
KeSetEvent
CcPurgeCacheSection
MmFlushImageSection
CcFlushCache
KeDelayExecutionThread
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ExIsResourceAcquiredExclusiveLite
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
RtlCopyUnicodeString
IoGetCurrentProcess
PsGetVersion
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcslen
IoDeleteSymbolicLink
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_except_handler3
DbgPrint
PsGetCurrentThreadId
PsGetCurrentProcessId
ExAllocatePool
ZwQuerySystemInformation
RtlCompareString
strncpy
strlen
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
strcpy
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
memcpy
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfRaiseIrql
KeGetCurrentIrql
KfLowerIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ergerht0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ergerht1
Size: - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ergerht2
Size: 570KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6459a3b0dfc86d5f8b28b852bf31b581

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 17KB

.rdata Size: - Virtual size: 404B

.data Size: - Virtual size: 6KB

INIT Size: - Virtual size: 1KB

ergerht0 Size: - Virtual size: 1KB

ergerht1 Size: - Virtual size: 485KB

ergerht2 Size: 570KB - Virtual size: 570KB

.reloc Size: 512B - Virtual size: 296B

.text
Size: - Virtual size: 17KB

.rdata
Size: - Virtual size: 404B

.data
Size: - Virtual size: 6KB

INIT
Size: - Virtual size: 1KB

ergerht0
Size: - Virtual size: 1KB

ergerht1
Size: - Virtual size: 485KB

ergerht2
Size: 570KB - Virtual size: 570KB

.reloc
Size: 512B - Virtual size: 296B