e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217

Sharing

Copy URL Twitter E-mail

General

Target

e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217
Size

22KB
MD5

0ae30291c6cbfa7be39320badd6e8de0
SHA1

c257aa4094539719a3c7b7950598ef872dbf9518
SHA256

e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217
SHA512

36005b02402fd684f9a13b104a809f0d2b520b6f63a0f3f882a29eb473c700bfbcf3d569a09277aed9accd619ff9b4cd8c1071b1ddad1bd9be4abf97a7fd79de
SSDEEP

384:0mkjGis6VmVLHFoxvFky9uzfVpqQKweg78e789g+g2T5s:1uJF/urpKwKg21s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217

Files

e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217
.sys windows:4 windows x86 arch:x86

1b26bd2d1a927300bf23390102b168a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoQueueWorkItem
IoAllocateWorkItem
IoGetCurrentProcess
_stricmp
IoFreeWorkItem
RtlFreeUnicodeString
ZwClose
ZwWriteFile
ZwCreateFile
RtlAnsiStringToUnicodeString
_strnicmp
RtlUnwind
RtlCopyUnicodeString
wcsncmp
swprintf
IoCreateDevice
IoCreateSymbolicLink
KeInitializeSpinLock
ExfInterlockedInsertTailList
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
ExfInterlockedRemoveHeadList
IofCompleteRequest
ExAllocatePoolWithTag
strncmp
ExFreePool
KeInitializeApc
KeInsertQueueApc
KeAttachProcess
KeDetachProcess
NtQuerySystemInformation

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisAllocatePacket
NdisCopyFromPacketToPacket
NdisAllocateMemory
NdisFreePacket
NdisAllocateBuffer
NdisSetEvent
NdisResetEvent
NdisFreeBufferPool
NdisFreePacketPool
NdisFreeMemory
NdisWaitEvent
NdisQueryAdapterInstanceName
NdisOpenAdapter
NdisInitializeEvent
NdisAllocatePacketPool
NdisRegisterProtocol
NdisAllocateBufferPool
NdisCloseAdapter
NdisDeregisterProtocol

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 545B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b26bd2d1a927300bf23390102b168a7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 1024B - Virtual size: 545B

.data Size: 2KB - Virtual size: 314KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 1024B - Virtual size: 545B

.data
Size: 2KB - Virtual size: 314KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB