be9c9433b043d80364070db7cc7446756bacf1ed5e3f2d2bd450b3e7bc073647

Sharing

Copy URL

Twitter E-mail

General

Target

be9c9433b043d80364070db7cc7446756bacf1ed5e3f2d2bd450b3e7bc073647
Size

1.3MB
MD5

c68dd21901a6a446ee82cabf6b1fef02
SHA1

b73bbf37a903cb7ad7c97f522339d90a00a098af
SHA256

be9c9433b043d80364070db7cc7446756bacf1ed5e3f2d2bd450b3e7bc073647
SHA512

82f838b8d3560c17e0ce18d38afdfe71440188259e4f4eddb3a7e19ee060cea0631f3c60d10f338751423c433a037625fbf5fc3fe64d8488ce1c5cfb35ca02ba
SSDEEP

24576:dYWl7dD2P5n4XV9oZ7I+SAF1VXJkrs4Hp8m0/cobXXc+bOBHLKsvy+9+:qipUg9oBI+Sc1BJv4Hp8m4PDXc+CBHur

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be9c9433b043d80364070db7cc7446756bacf1ed5e3f2d2bd450b3e7bc073647

Files

be9c9433b043d80364070db7cc7446756bacf1ed5e3f2d2bd450b3e7bc073647
.sys windows:10 windows x64 arch:x64

024652be737f89ff11308d11591c05e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\work_code\driver_template_yj_ icould_19.0.00428.01_update_temp_new\x64\Release\driver_template_x64.pdb

Imports

ntoskrnl.exe

KfRaiseIrql
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeQueryPerformanceCounter
HalMakeBeep

Exports

Exports

?cJSON_AddArrayToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddBoolToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBDH@Z
?cJSON_AddFalseToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddItemReferenceToArray@Json@@YAXPEAUcJSON@1@0@Z
?cJSON_AddItemReferenceToObject@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_AddItemToArray@Json@@YAXPEAUcJSON@1@0@Z
?cJSON_AddItemToObject@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_AddItemToObjectCS@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_AddNullToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddNumberToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBDN@Z
?cJSON_AddObjectToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddRawToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD1@Z
?cJSON_AddStringToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD1@Z
?cJSON_AddTrueToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_Compare@Json@@YAHQEBUcJSON@1@0H@Z
?cJSON_CreateArray@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateArrayReference@Json@@YAPEAUcJSON@1@PEBU21@@Z
?cJSON_CreateBool@Json@@YAPEAUcJSON@1@H@Z
?cJSON_CreateDoubleArray@Json@@YAPEAUcJSON@1@PEBNH@Z
?cJSON_CreateFalse@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateFloatArray@Json@@YAPEAUcJSON@1@PEBMH@Z
?cJSON_CreateIntArray@Json@@YAPEAUcJSON@1@PEBHH@Z
?cJSON_CreateNull@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateNumber@Json@@YAPEAUcJSON@1@N@Z
?cJSON_CreateObject@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateObjectReference@Json@@YAPEAUcJSON@1@PEBU21@@Z
?cJSON_CreateRaw@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_CreateString@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_CreateStringArray@Json@@YAPEAUcJSON@1@PEAPEBDH@Z
?cJSON_CreateStringReference@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_CreateTrue@Json@@YAPEAUcJSON@1@XZ
?cJSON_Delete@Json@@YAXPEAUcJSON@1@@Z
?cJSON_DeleteItemFromArray@Json@@YAXPEAUcJSON@1@H@Z
?cJSON_DeleteItemFromObject@Json@@YAXPEAUcJSON@1@PEBD@Z
?cJSON_DeleteItemFromObjectCaseSensitive@Json@@YAXPEAUcJSON@1@PEBD@Z
?cJSON_DetachItemFromArray@Json@@YAPEAUcJSON@1@PEAU21@H@Z
?cJSON_DetachItemFromObject@Json@@YAPEAUcJSON@1@PEAU21@PEBD@Z
?cJSON_DetachItemFromObjectCaseSensitive@Json@@YAPEAUcJSON@1@PEAU21@PEBD@Z
?cJSON_DetachItemViaPointer@Json@@YAPEAUcJSON@1@PEAU21@QEAU21@@Z
?cJSON_Duplicate@Json@@YAPEAUcJSON@1@PEBU21@H@Z
?cJSON_GetArrayItem@Json@@YAPEAUcJSON@1@PEBU21@H@Z
?cJSON_GetArraySize@Json@@YAHPEBUcJSON@1@@Z
?cJSON_GetErrorPtr@Json@@YAPEBDXZ
?cJSON_GetObjectItem@Json@@YAPEAUcJSON@1@QEBU21@QEBD@Z
?cJSON_GetObjectItemCaseSensitive@Json@@YAPEAUcJSON@1@QEBU21@QEBD@Z
?cJSON_GetStringValue@Json@@YAPEADPEAUcJSON@1@@Z
?cJSON_HasObjectItem@Json@@YAHPEBUcJSON@1@PEBD@Z
?cJSON_InitHooks@Json@@YAXPEAUcJSON_Hooks@1@@Z
?cJSON_InsertItemInArray@Json@@YAXPEAUcJSON@1@H0@Z
?cJSON_IsArray@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsBool@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsFalse@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsInvalid@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsNull@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsNumber@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsObject@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsRaw@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsString@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsTrue@Json@@YAHQEBUcJSON@1@@Z
?cJSON_Minify@Json@@YAXPEAD@Z
?cJSON_Parse@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_ParseWithOpts@Json@@YAPEAUcJSON@1@PEBDPEAPEBDH@Z
?cJSON_PrintBuffered@Json@@YAPEADPEBUcJSON@1@HH@Z
?cJSON_PrintPreallocated@Json@@YAHPEAUcJSON@1@PEADHH@Z
?cJSON_ReplaceItemInArray@Json@@YAXPEAUcJSON@1@H0@Z
?cJSON_ReplaceItemInObject@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_ReplaceItemInObjectCaseSensitive@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_ReplaceItemViaPointer@Json@@YAHQEAUcJSON@1@0PEAU21@@Z
?cJSON_SetNumberHelper@Json@@YANPEAUcJSON@1@N@Z
?cJSON_Version@Json@@YAPEBDXZ
?cJSON_free@Json@@YAXPEAX@Z
?cJSON_malloc@Json@@YAPEAX_K@Z

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adz0
Size: 884KB - Virtual size: 884KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adz1
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

024652be737f89ff11308d11591c05e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 37KB

.pdata Size: 14KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 8B

.edata Size: 4KB - Virtual size: 4KB

INIT Size: 3KB - Virtual size: 3KB

.adz0 Size: 884KB - Virtual size: 884KB

.adz1 Size: 85KB - Virtual size: 84KB

.reloc Size: 1024B - Virtual size: 752B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 37KB

.pdata
Size: 14KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 8B

.edata
Size: 4KB - Virtual size: 4KB

INIT
Size: 3KB - Virtual size: 3KB

.adz0
Size: 884KB - Virtual size: 884KB

.adz1
Size: 85KB - Virtual size: 84KB

.reloc
Size: 1024B - Virtual size: 752B

.rsrc
Size: 1KB - Virtual size: 1KB