ca08386dab3da6f1384cb7baf92ed8b9

General

Target

ca08386dab3da6f1384cb7baf92ed8b9
Size

743KB
MD5

ca08386dab3da6f1384cb7baf92ed8b9
SHA1

ac3ca2d8941586ea2b6e58a6f7ae42de2045e685
SHA256

b6a16389a450ffcd01a596d7d62902ef3c97be68175025b3ba3d9cf02790c945
SHA512

cccfb8b695865a2d810de85cf49c8aca108a052574ec18921287b945e465e5ed17ce34f183b475d22ae7a24ab8c1927f1f9b6c8c218bf5edb17420ecf33f0e40
SSDEEP

12288:5OaEgsTrIAd2uq6CAh5j9EGDYqcnGLs4lXCGB8pcUKuWzJIzz+6NW8Q8:/EHr9dVqC2GDYqT44Vb8rK3ze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca08386dab3da6f1384cb7baf92ed8b9

Files

ca08386dab3da6f1384cb7baf92ed8b9
.sys windows:4 windows x86 arch:x86

22c6e40d052eddaff8d688d57be77740

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
RtlInitUnicodeString
KeInitializeEvent
KeSetEvent
ZwClose
ExFreePoolWithTag
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
IoFreeIrp
ObfDereferenceObject
IoDetachDevice
RtlFreeUnicodeString
IoAllocateIrp
KeInitializeDpc
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoQueueWorkItem
KeInitializeTimer
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
KeClearEvent
IoSetDeviceInterfaceState
PoSetPowerState
IoRegisterDeviceInterface
PsCreateSystemThread
MmBuildMdlForNonPagedPool
PsTerminateSystemThread
DbgPrint
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IoAcquireRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
MmMapIoSpace
IoReleaseRemoveLockEx
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoGetAttachedDeviceReference
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
IoDisconnectInterrupt
ZwCreateFile
IoGetDmaAdapter
KeSetPriorityThread
IoGetDeviceObjectPointer
ZwQuerySystemInformation
_snprintf

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22c6e40d052eddaff8d688d57be77740

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 334KB - Virtual size: 333KB

.rdata Size: 512B - Virtual size: 269B

.data Size: 17KB - Virtual size: 16KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 388KB - Virtual size: 387KB

.text
Size: 334KB - Virtual size: 333KB

.rdata
Size: 512B - Virtual size: 269B

.data
Size: 17KB - Virtual size: 16KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 388KB - Virtual size: 387KB