b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801

Sharing

Copy URL

Twitter E-mail

General

Target

b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801
Size

473KB
MD5

d0f3373974b090962306992f62e7a3c1
SHA1

b12f6d8283d3a87ead9fd104ac56b64e9c7e6cf0
SHA256

b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801
SHA512

e6c07d4999cc179137c057ba6f2d8a7a351074a39dc1495c2e97f12962a4cba895bc46060037fc51ced5885a5af62ed3bb7643e7aa5cc61a9982491a17a958e2
SSDEEP

6144:M9sFxhSKBiaEDbQSCTokyMXR7Myll1aiDbCEBIatHXkT0gDsJ:usF+4WDCTo/M5Myll1FlBDt3k4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801

Files

b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801
.dll windows:4 windows x64 arch:x64

1994c292f8b2736dffbd39b1b403e194

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwDeleteFile
ZwOpenFile
wcsncpy
wcschr
memcmp
memmove
_wcsicmp
IofCallDriver
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
PsGetCurrentProcessId
ObReferenceObjectByHandle
wcsrchr
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ExFreePoolWithTag
RtlVolumeDeviceToDosName
IoFileObjectType
memset
RtlNtStatusToDosError
swprintf
wcsncmp
ZwQueryDirectoryFile
ZwQueryInformationFile
ZwQueryInformationProcess
ZwSetInformationProcess
PsGetCurrentThreadId
ZwOpenProcess
KeInsertQueueApc
KeInitializeApc
PsLookupProcessThreadByCid
PsTerminateSystemThread
rand
ZwWaitForSingleObject
PsCreateSystemThread
ZwReadFile
KeReadStateEvent
wcsncat
ExGetPreviousMode
ZwQueryKey
ZwEnumerateKey
ZwUnloadKey
ZwLoadKey
PsSetCreateProcessNotifyRoutine
_stricmp
ExAllocatePoolWithTag
ZwCreateKey
ZwSetValueKey
ZwTerminateProcess
ZwCreateEvent
ZwOpenEvent
KeLowerIrql
KeRaiseIrqlToDpcLevel
_strlwr
SeSinglePrivilegeCheck
SeExports
IoCreateFile
_strnicmp
strstr
ObOpenObjectByName
_vsnprintf
strrchr
strchr
strncpy
KeQueryTimeIncrement
sprintf
_snprintf
atoi
isspace
isdigit
PsGetVersion
RtlQueryRegistryValues
RtlZeroMemory
ExInterlockedInsertTailList
MmUserProbeAddress
SeSetSecurityDescriptorInfo
ZwSetInformationFile
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ExUuidCreate
IoDeleteDevice
ZwFlushVirtualMemory
MmMapLockedPagesSpecifyCache
ExInterlockedRemoveHeadList
IoCreateDevice
KeInitializeMutex
KeReleaseMutex
ZwQuerySystemInformation
ZwDuplicateObject
ZwQueryValueKey
KeUnstackDetachProcess
MmUnmapLockedPages
KeStackAttachProcess
IoGetCurrentProcess
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
RtlCharToInteger
RtlUnicodeStringToInteger
towlower
PsLookupProcessByProcessId
KeInitializeSemaphore
KeReleaseSemaphore
RtlSetSaclSecurityDescriptor
RtlSubAuthoritySid
RtlInitializeSid
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlLengthRequiredSid
PsThreadType
KeSetPriorityThread
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
ZwDeviceIoControlFile
ZwPulseEvent
memchr
wcsstr
RtlCopyMemory
RtlCompareUnicodeString
IoGetDriverObjectExtension
MmIsAddressValid
ExQueueWorkItem
KeWaitForMultipleObjects
MmMapLockedPages
IoBuildDeviceIoControlRequest
IoCancelIrp
KeNumberProcessors
KfRaiseIrql
IoGetStackLimits
ZwOpenThread
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
strncmp
mbstowcs
ZwSetInformationThread
ZwRequestWaitReplyPort
ZwQueryObject
KeAddSystemServiceTable
RtlLengthSid
RtlValidSid
ZwQueryInformationToken
ZwOpenProcessToken
IoFreeIrp
MmBuildMdlForNonPagedPool
IoAllocateIrp
srand
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwFsControlFile
ZwOpenKey
ZwDeleteKey
_snwprintf
ZwClose
ProbeForRead
ZwWriteFile
ZwFlushKey
__C_specific_handler
IofCompleteRequest
memcpy
RtlInitUnicodeString
IoGetDeviceObjectPointer
ObfReferenceObject
ObfDereferenceObject
_wcsnicmp
ZwSetEvent
KeDelayExecutionThread
KeGetCurrentThread
KeGetCurrentIrql
IoGetInitialStack
KeInitializeEvent
KeInitializeDpc
KeSetImportanceDpc
KeSetTargetProcessorDpc
KeInsertQueueDpc
KeWaitForSingleObject
RtlCreateSecurityDescriptor
KeSetEvent

hal

KeQueryPerformanceCounter

ndis.sys

NdisAllocatePacketPool
NdisAllocateBufferPool
NdisAllocateBuffer
NdisOpenAdapter
NdisCloseAdapter
NdisRequest
NdisCompleteUnbindAdapter
NdisFreeBufferPool
NdisDeregisterProtocol
NdisRegisterProtocol
NdisMRegisterMiniport
NdisTerminateWrapper
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisMGetDeviceProperty
NdisAllocatePacketPoolEx
NdisFreePacketPool
NdisAllocatePacket
NdisIMCopySendPerPacketInfo
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisGetVersion
NdisIMDeregisterLayeredMiniport

tdi.sys

TdiCopyMdlToBuffer

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1994c292f8b2736dffbd39b1b403e194

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

tdi.sys

Sections

.text Size: 361KB - Virtual size: 361KB

.data Size: 86KB - Virtual size: 154KB

.pdata Size: 15KB - Virtual size: 14KB

.edata Size: 512B - Virtual size: 42B

INIT Size: 6KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 361KB - Virtual size: 361KB

.data
Size: 86KB - Virtual size: 154KB

.pdata
Size: 15KB - Virtual size: 14KB

.edata
Size: 512B - Virtual size: 42B

INIT
Size: 6KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 2KB