96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc

Sharing

Copy URL Twitter E-mail

General

Target

96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc
Size

23KB
MD5

14580bd59c55185115fd3abe73b016a2
SHA1

71469dce9c2f38d0e0243a289f915131bf6dd2a8
SHA256

96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc
SHA512

386fdc30115eb9bb7d2172a214aecda8884bbb8ac46b50003723e87049811a2c348810a85cba50b27347b9b10d33b8c6e275fdb2bf32f9949ebdfd2c02014062
SSDEEP

384:dzah3aVobot8kQevwrvFkydyszfVpyAKweg78m789g+gsW8EV:dzoK5IFjysrBKwqg6EV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc

Files

96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc
.sys windows:4 windows x86 arch:x86

1b26bd2d1a927300bf23390102b168a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoQueueWorkItem
IoAllocateWorkItem
IoGetCurrentProcess
_stricmp
IoFreeWorkItem
RtlFreeUnicodeString
ZwClose
ZwWriteFile
ZwCreateFile
RtlAnsiStringToUnicodeString
_strnicmp
RtlUnwind
RtlCopyUnicodeString
wcsncmp
swprintf
IoCreateDevice
IoCreateSymbolicLink
KeInitializeSpinLock
ExfInterlockedInsertTailList
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
ExfInterlockedRemoveHeadList
IofCompleteRequest
ExAllocatePoolWithTag
strncmp
ExFreePool
KeInitializeApc
KeInsertQueueApc
KeAttachProcess
KeDetachProcess
NtQuerySystemInformation

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisAllocatePacket
NdisCopyFromPacketToPacket
NdisAllocateMemory
NdisFreePacket
NdisAllocateBuffer
NdisSetEvent
NdisResetEvent
NdisFreeBufferPool
NdisFreePacketPool
NdisFreeMemory
NdisWaitEvent
NdisQueryAdapterInstanceName
NdisOpenAdapter
NdisInitializeEvent
NdisAllocatePacketPool
NdisRegisterProtocol
NdisAllocateBufferPool
NdisCloseAdapter
NdisDeregisterProtocol

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 545B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b26bd2d1a927300bf23390102b168a7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 1024B - Virtual size: 545B

.data Size: 2KB - Virtual size: 314KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 1024B - Virtual size: 545B

.data
Size: 2KB - Virtual size: 314KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 2KB - Virtual size: 1KB