d4029f1d1d35ce4fd08761f784c44377

General

Target

d4029f1d1d35ce4fd08761f784c44377
Size

20KB
MD5

d4029f1d1d35ce4fd08761f784c44377
SHA1

46a21cffae2fb6331ae6f88292bf7bb1b9ec27c9
SHA256

1ce780164f7c4980671dd276ce4d5759afd65d167d59671990f15b3224746f3d
SHA512

8b919ee9d179f09f5af2047d9b2f4125030e4816107819536bbf416a8571fb12624100b6361e5f087a47cf8dc1efb430bb132ef01b582477e3f3021778d19eca
SSDEEP

384:+upic1y5NrFhokETRKw9thSGjbKbA5nnxfHT:7pgDPExRljbKbUxP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4029f1d1d35ce4fd08761f784c44377

Files

d4029f1d1d35ce4fd08761f784c44377
.sys windows:5 windows x86 arch:x86

cffd8d9f062bb15271634dba33bbd99f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\DRIVER~2\Dog1\Dog1\objchk_wnet_x86\i386\Dog1.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
KeWaitForSingleObject
KeSetEvent
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateFile
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
wcsstr
_wcsupr
_except_handler3
ExFreePoolWithTag
ZwClose
_stricmp
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
IoFreeIrp
RtlAssert
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
ObReferenceObjectByHandle
IoFileObjectType
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
PsTerminateSystemThread
KeSetPriorityThread
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 970B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cffd8d9f062bb15271634dba33bbd99f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 512B - Virtual size: 436B

.data Size: 512B - Virtual size: 128B

INIT Size: 1024B - Virtual size: 970B

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 1024B - Virtual size: 786B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 512B - Virtual size: 436B

.data
Size: 512B - Virtual size: 128B

INIT
Size: 1024B - Virtual size: 970B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 1024B - Virtual size: 786B