564a6f67e08afb8c106e74212be0857e972175b1cde778a0a56ba10c0a5dc9be

General

Target

564a6f67e08afb8c106e74212be0857e972175b1cde778a0a56ba10c0a5dc9be
Size

306KB
MD5

42b92f6decede342f3649f7e07d16a37
SHA1

321f3ccf582c2abe708c276374e2d4aa4426ae46
SHA256

564a6f67e08afb8c106e74212be0857e972175b1cde778a0a56ba10c0a5dc9be
SHA512

ae6e2455c886bf26748ef9233d5eccc76688ef0f943d6ee269e5612134d59659bdbe3504a4d5dfed2ac06f2c0bd01b346f1cd05a93248bcab7f02fd94b434198
SSDEEP

6144:xrtm9tKuvH8MN5rPVBxYh1qRm9tKuvH8MNNrPRBx8h1O:xhaBvH8M3rPVuqRaBvH8MjrPRiO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
564a6f67e08afb8c106e74212be0857e972175b1cde778a0a56ba10c0a5dc9be

Files

564a6f67e08afb8c106e74212be0857e972175b1cde778a0a56ba10c0a5dc9be
.dll windows:6 windows x86 arch:x86

3f01f864330089b7bd5dc98bca28fcc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\GodShield\Documents\驱动项目\版本发布_定制\1. VTDrv 调用链接库\VTDrv_x86.pdb

Imports

kernel32

CreateThread
VirtualAlloc
GetCurrentProcess
GetProcAddress
LoadLibraryA
Sleep
CloseHandle
GetTempPathA
WriteFile
ReadFile
GetFileSize
DeleteFileA
DisableThreadLibraryCalls
CreateFileA

user32

MapVirtualKeyA
GetSystemMetrics

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

Exports

Exports

VTDrv_1
VTDrv_10
VTDrv_11
VTDrv_12
VTDrv_13
VTDrv_14
VTDrv_15
VTDrv_16
VTDrv_17
VTDrv_18
VTDrv_19
VTDrv_2
VTDrv_20
VTDrv_21
VTDrv_3
VTDrv_4
VTDrv_5
VTDrv_6
VTDrv_7
VTDrv_8
VTDrv_9

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f01f864330089b7bd5dc98bca28fcc0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: - Virtual size: 56B

.rsrc Size: 294KB - Virtual size: 293KB

.reloc Size: 1024B - Virtual size: 620B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: - Virtual size: 56B

.rsrc
Size: 294KB - Virtual size: 293KB

.reloc
Size: 1024B - Virtual size: 620B