bd1c1b8524e2bdaeb8581c0ef4c4ad2847131d57bf61b003eb939042182db61c

Sharing

Copy URL Twitter E-mail

General

Target

bd1c1b8524e2bdaeb8581c0ef4c4ad2847131d57bf61b003eb939042182db61c
Size

1.3MB
MD5

2a15f7770cfacba224d14e8de4769a9c
SHA1

9a3f9e493632be34ae62bd016870e133949a88d0
SHA256

bd1c1b8524e2bdaeb8581c0ef4c4ad2847131d57bf61b003eb939042182db61c
SHA512

9770a680bcb50891f405e7e16e1f7ca1a62aaeef0bcc47e0e991754bb2078cb8f646149eb85db0d3f188fa74c5ef3ae75a57b6865ad4417b490d53eec305f75b
SSDEEP

24576:8WAZEAMBQkod/pv2EwzpqwyafNupXKDMjTYfaoUpYN0DFn3CwtA+si81McuPyW4f:BmExQbUyWupX2KTKaFQyCqAJ1NuP/MCi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd1c1b8524e2bdaeb8581c0ef4c4ad2847131d57bf61b003eb939042182db61c

Files

bd1c1b8524e2bdaeb8581c0ef4c4ad2847131d57bf61b003eb939042182db61c
.sys windows:10 windows x64 arch:x64

283ecc9d512e7b5da5bd5927086268b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\code\FileProtect\x64\Release\ProtectDrv.pdb

Imports

fltmgr.sys

FltRegisterFilter

ntoskrnl.exe

towupper
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qTj
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.O8=
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.-Y-
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

283ecc9d512e7b5da5bd5927086268b7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltmgr.sys

ntoskrnl.exe

hal

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 336B

INIT Size: 2KB - Virtual size: 1KB

.qTj Size: 718KB - Virtual size: 718KB

.O8= Size: 1024B - Virtual size: 688B

.-Y- Size: 630KB - Virtual size: 629KB

.reloc Size: 512B - Virtual size: 100B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 336B

INIT
Size: 2KB - Virtual size: 1KB

.qTj
Size: 718KB - Virtual size: 718KB

.O8=
Size: 1024B - Virtual size: 688B

.-Y-
Size: 630KB - Virtual size: 629KB

.reloc
Size: 512B - Virtual size: 100B