cc4ada1fb12436f578f50e377ebd0217

General

Target

cc4ada1fb12436f578f50e377ebd0217
Size

19KB
MD5

cc4ada1fb12436f578f50e377ebd0217
SHA1

45abcf838d992dbda4f2b36468d7055684ac9e9c
SHA256

3fa4d12727fc22470035532bd59864f519770efc8aff6e0fc15204340d43f8db
SHA512

2b2ed623b99649fbdc92cee7e8147f7d54d458b47542f48e850b4b4f0710881d79b6cac533d7bec248ffc124a2553f6f9b8d6e8d61c1f0d785a7bf526a2bad83
SSDEEP

384:Unjx8f9p3aODLrcFtck/M0nvl9PNU/uIbCXVSTycxiwCRsxX9Y7gof3t:UnjY1Lr2tF//nvHNU/7e0QwLI3t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc4ada1fb12436f578f50e377ebd0217

Files

cc4ada1fb12436f578f50e377ebd0217
.sys windows:4 windows x86 arch:x86

37b8ed2ff96d21718cef8cbec8e06318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
atoi
isprint
isspace
ZwCreateFile
IoRegisterDriverReinitialization
wcsncmp
wcslen
towlower
isdigit
strchr
IofCompleteRequest
tolower
strrchr
islower
IoGetCurrentProcess
srand
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
isupper
KeDelayExecutionThread
strncmp
PsGetVersion
strncpy
wcsstr
ZwQueryValueKey
_except_handler3
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
ZwDeleteValueKey
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
toupper
strstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 960B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37b8ed2ff96d21718cef8cbec8e06318

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 960B - Virtual size: 936B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 960B - Virtual size: 936B