cd21ab2a3fb0bc146e2c205f1bfb0a24

Sharing

Copy URL Twitter E-mail

General

Target

cd21ab2a3fb0bc146e2c205f1bfb0a24
Size

47KB
MD5

cd21ab2a3fb0bc146e2c205f1bfb0a24
SHA1

d87e006c8c4aee06e66cee314b2ee11ead3e7b8e
SHA256

8d780e2a5b7f60e6f162cc2102f9d992b9f972c8c2f8b73cc6f2d3f23f2e6fb3
SHA512

661bde14cb0a9d4fb5926541f805712f32c0b14ce1b198a10c514616b1b58bfa90719b13dcf87a36af19e48312fbc508006870bdf6fa858dacd905c171a94fca
SSDEEP

768:N+tSi1BhPBBQARQkTO1kMARN6G1lvaQLTF:NG1BhPBBQARtRMG1lxF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd21ab2a3fb0bc146e2c205f1bfb0a24

Files

cd21ab2a3fb0bc146e2c205f1bfb0a24
.sys windows:4 windows x86 arch:x86

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
KeDetachProcess
MmIsAddressValid
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByPointer
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwAllocateVirtualMemory
_stricmp
memcpy
strcpy
strlen
PsProcessType
MmSystemRangeStart
MmSectionObjectType
IoFileObjectType
IoAllocateMdl
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoIsWdmVersionAvailable
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
ProbeForRead
KeServiceDescriptorTable
InterlockedExchange
ExSystemTimeToLocalTime
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
PsTerminateSystemThread
RtlLargeIntegerSubtract
ZwClose
ZwCreateKey
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwSetValueKey
ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
strcat
RtlCompareUnicodeString
KeWaitForSingleObject
IoGetCurrentProcess

hal

KeGetCurrentIrql

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 24B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 24B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 1024B - Virtual size: 1024B