d5f15878b12f0b08f42b361c3872f7c1

General

Target

d5f15878b12f0b08f42b361c3872f7c1
Size

17KB
MD5

d5f15878b12f0b08f42b361c3872f7c1
SHA1

627f6c79d86e0eb9a989e071d5510828e3dbd434
SHA256

91560b7a043aa3ef9600e22e7ee8e9d088f54c239721578062e014f6972aea45
SHA512

41fca8681e64dcd0a0f0af6a60eb33edaa13b273bbd5c9ce5a1c1e0645153332902ff5d83ee056842fedc5690b3ab47b91a3b68dfc049c0c43bd97d9c07ba1b4
SSDEEP

384:ZWLKg5uDjT6jQuek84UjCUE0O2/HpNBYzS/sarUaD+WnCHwSgMvTrtGnS:ZWLCDjT6jQuek84GCRoJNBYzSFUaDjSg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5f15878b12f0b08f42b361c3872f7c1

Files

d5f15878b12f0b08f42b361c3872f7c1
.sys windows:4 windows x86 arch:x86

3140a5232e5767a2d889871188619ea4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
isdigit
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isprint
PsCreateSystemThread
tolower
islower
ZwQueryValueKey
_except_handler3
IofCompleteRequest
atol
toupper
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_strnicmp
ZwDeleteValueKey
srand
strrchr
wcsncmp
towlower
strstr
wcsstr
isupper
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
isspace
atoi
isxdigit

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3140a5232e5767a2d889871188619ea4

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB