cd79c00b0508a351132d8cce7002a1da

General

Target

cd79c00b0508a351132d8cce7002a1da
Size

12KB
MD5

cd79c00b0508a351132d8cce7002a1da
SHA1

782a054953a76f9872c8592e06e6e8e6584ae154
SHA256

1e98032220ab2f235ed8ff4811d5dcf95b30e354c82aa9f250775e25a89aa215
SHA512

a8233621e720df8bb6d3f2b952064e36d904865592cd74a805f49b869e827d840c4b583edff3351d91fc6dd60c488867de9cadb5257cee0c9ea25a3ace521dd2
SSDEEP

192:gHHt0THZUHZaC7cUhXatyiRg2Ml3h9vLV08hPAY0N+ClG+vg7adI:kN0boZaC7cU5atyiKz5hRBa1h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd79c00b0508a351132d8cce7002a1da

Files

cd79c00b0508a351132d8cce7002a1da
.sys windows:5 windows x86 arch:x86

3b6b1706eb49c7fc667adae0a4518744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\hook\hide_evr2\hide_evr2.pdb

Imports

ntoskrnl.exe

ProbeForRead
_except_handler3
ExAllocatePoolWithTag
strncpy
IoGetCurrentProcess
_stricmp
wcslen
ExFreePool
_wcsicmp
RtlCompareUnicodeString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IofCompleteRequest
strncmp
ZwQueryDirectoryFile
ZwQuerySystemInformation
InterlockedExchange
ZwEnumerateValueKey
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 758B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 384B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b6b1706eb49c7fc667adae0a4518744

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 340B

.data Size: 128B - Virtual size: 52B

INIT Size: 768B - Virtual size: 758B

.vmp0 Size: 384B - Virtual size: 344B

.vmp1 Size: 6KB - Virtual size: 6KB

.reloc Size: 768B - Virtual size: 724B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 340B

.data
Size: 128B - Virtual size: 52B

INIT
Size: 768B - Virtual size: 758B

.vmp0
Size: 384B - Virtual size: 344B

.vmp1
Size: 6KB - Virtual size: 6KB

.reloc
Size: 768B - Virtual size: 724B