d35ac7f6701c5e6b87b5a86c4a9e2034

General

Target

d35ac7f6701c5e6b87b5a86c4a9e2034
Size

70KB
MD5

d35ac7f6701c5e6b87b5a86c4a9e2034
SHA1

512b0f905a90ce94ad0110797d991562d37321f5
SHA256

15f06173c44078acc67be15a2ae164e0d602019ff949a39607fac49f1b96caea
SHA512

ef77770928397bb541b0f66bfb10f7edae0c16ae67a55bf3389897dfb0baae5c6ec5ba44a904f479804e39f39db36ca64b45b34d387b529b10d0b840c160deb9
SSDEEP

1536:UsJuCoNDdKCir6mRJCXs21VRrOCDNMjI/nWG2KIL9J:UsoCIKImDisWnjxMjpR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d35ac7f6701c5e6b87b5a86c4a9e2034

Files

d35ac7f6701c5e6b87b5a86c4a9e2034
.sys windows:4 windows x86 arch:x86

97bf6db46e1f259f45f2cc1492850349

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeAcquireQueuedSpinLock

ntoskrnl.exe

RtlInitUnicodeString
ZwCreateKey
ZwQueryValueKey
RtlAddAccessAllowedAce
RtlCreateAcl
ExInitializeZone
RtlLengthSid
SeExports
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
ExInterlockedDecrementLong
ExAllocatePoolWithTag
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
IoQueueWorkItem
ZwNotifyChangeKey
MmPageEntireDriver
IoFreeWorkItem
ExInitializeNPagedLookasideList
IoAllocateWorkItem
IoCreateDevice
DbgBreakPoint
KeReadStateEvent
KePulseEvent
MmAdvanceMdl
KeBugCheckEx
ExInterlockedFlushSList
KeSetTimerEx
KeInitializeDpc
KeInitializeTimer
MmLockPagableDataSection
KeSetTimer
MmUnlockPagableImageSection
KeRemoveQueueDpc

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97bf6db46e1f259f45f2cc1492850349

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 16KB - Virtual size: 15KB

.INIT Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 220B

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 16KB - Virtual size: 15KB

.INIT
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 220B