ca60703c48859ade1ad76ec4fb67cd5d

Sharing

Copy URL Twitter E-mail

General

Target

ca60703c48859ade1ad76ec4fb67cd5d
Size

45KB
MD5

ca60703c48859ade1ad76ec4fb67cd5d
SHA1

378bd58326c721a3a99af731637f7589d8c08069
SHA256

727813f70247faa38c74b41c6dec99619f5381859ee8c38be22b4036a7392e04
SHA512

efde34a6cd9b5989f75d80433ef1b95a54efe4d7e18169e5399ac3001dd0578c96c99a5010b36e2da2a6a32105212850490025985c87ab61add5cde7468dc03b
SSDEEP

768:ALf3Cwh9T59w8uI37yAb/X7ah6jVanFnnXorcFO8stWX26tS8:6SQr9wxmOAnaoBaFnn44oXY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca60703c48859ade1ad76ec4fb67cd5d

Files

ca60703c48859ade1ad76ec4fb67cd5d
.dll windows:5 windows x86 arch:x86

b9d8ba0a88f260577517551e3ed042bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\APan\rxbkcj\ystz.pdb

Imports

ntoskrnl.exe

IoGetBootDiskInformation
ZwFlushKey
ExReleaseResourceLite
RtlWriteRegistryValue
IoRegisterDeviceInterface
KeWaitForSingleObject
RtlDowncaseUnicodeString
CcCopyRead
ObReleaseObjectSecurity
RtlUpperChar
KeRundownQueue
KeFlushQueuedDpcs
ObCreateObject
FsRtlIsDbcsInExpression
RtlCopyLuid
MmSizeOfMdl
RtlEqualString
IoGetDeviceObjectPointer
MmUnsecureVirtualMemory
KeDeregisterBugCheckCallback
CcDeferWrite

Exports

Exports

?UmgtuJzyLvxeshcrialn@@YGJII@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9d8ba0a88f260577517551e3ed042bd

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.idata Size: 1024B - Virtual size: 618B

.edata Size: 512B - Virtual size: 98B

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

INIT Size: 9KB - Virtual size: 9KB

INIT Size: 512B - Virtual size: 446B

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.idata
Size: 1024B - Virtual size: 618B

.edata
Size: 512B - Virtual size: 98B

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

INIT
Size: 9KB - Virtual size: 9KB

INIT
Size: 512B - Virtual size: 446B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 2KB - Virtual size: 1KB