df9f5be8fbbd3cf61c7d8c0f0d44091f

General

Target

df9f5be8fbbd3cf61c7d8c0f0d44091f
Size

17KB
MD5

df9f5be8fbbd3cf61c7d8c0f0d44091f
SHA1

42b913f03a9c71af718478226db159a9a71fae8c
SHA256

b46e9ec58393f75346a98dcda557dcd367b200dbd316487c73a925d85dfd7a92
SHA512

7c8559403cc3742b3a86388e3de1b0beb826fde1a6d5e4693d54fa934ce58947b871ee3424910535cd5ceed8dd4844ae82c8b5bed975384bddd4c88be36e2631
SSDEEP

384:WSNhulzYm9IK+VB1r+NyAyEH4Oq1Qxx1ucX2m2QtCi:TNhQzD9IK+VB1qNUA4XQUcXPvt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df9f5be8fbbd3cf61c7d8c0f0d44091f

Files

df9f5be8fbbd3cf61c7d8c0f0d44091f
.sys windows:4 windows x86 arch:x86

08d01bce839de3d96d45123214666c36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
PsGetVersion
IofCompleteRequest
isspace
isdigit
tolower
islower
atol
isupper
IoGetCurrentProcess
srand
ZwCreateFile
IoRegisterDriverReinitialization
atoi
strchr
isxdigit
wcsncmp
wcslen
towlower
toupper
strstr
isprint
_strnicmp
ZwDeleteValueKey
_except_handler3
ZwQueryValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
strncmp
strncpy
wcsstr
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08d01bce839de3d96d45123214666c36

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB