cb02ee0b1c5dfa1c5e3690e615c29bd5

General

Target

cb02ee0b1c5dfa1c5e3690e615c29bd5
Size

5KB
MD5

cb02ee0b1c5dfa1c5e3690e615c29bd5
SHA1

d35d22797f8c5542b4e27e872978053d82f4c459
SHA256

161e4f4989221c84151782f53f1a0f9c30c36d32a68cc10b32e45d9b32cc0083
SHA512

1538c5fd215ca856ea433b8777ea53ce970891743bdf809c85c062249f61d506da9abdfb5a51d670b3e0738f9f62893d7844a714fc1a88dfed5302f1c0b45ebb
SSDEEP

96:Lw1R4C/b9ZEO1NzsvuAlr/LUBJFKo1qTTDnn:LwtDjEOL4d5DaQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb02ee0b1c5dfa1c5e3690e615c29bd5

Files

cb02ee0b1c5dfa1c5e3690e615c29bd5
.sys windows:5 windows x86 arch:x86

4fa3432155964f687603a80b6bd6637b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DirectDiskForWin32\KillProcess\objfre_wxp_x86\i386\pcidump.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrint
PsTerminateSystemThread
ExAllocatePoolWithTag
MmIsAddressValid
ObfDereferenceObject
strncmp
IoGetCurrentProcess
strncpy
_stricmp
ObReferenceObjectByHandle
PsCreateSystemThread
PsGetCurrentProcessId
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
PsLookupProcessByProcessId
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
IoDeleteDevice
ExFreePoolWithTag
KeServiceDescriptorTable
ZwQuerySystemInformation
KeWaitForSingleObject
IofCompleteRequest

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fa3432155964f687603a80b6bd6637b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 262B

.data Size: 256B - Virtual size: 168B

INIT Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 442B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 262B

.data
Size: 256B - Virtual size: 168B

INIT
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 442B