ca393682771a2e0db98a09520b8e317170adee8994c45aa3763852f5857e8249

Sharing

Copy URL Twitter E-mail

General

Target

ca393682771a2e0db98a09520b8e317170adee8994c45aa3763852f5857e8249
Size

6.3MB
MD5

c58b2d353fb94d93f36f603c3417ca0f
SHA1

aae2399726e70d772dc61619965c132a726d4216
SHA256

ca393682771a2e0db98a09520b8e317170adee8994c45aa3763852f5857e8249
SHA512

75d2adbff2c438c14d87572d60a4d575c80f355619b72f827a3e943556a9ec28c27a66041f6929d3d7131c9a60474ebcccafafd345f723e0d339b06885741f2a
SSDEEP

24576:crGX3VMJqwa4jbPx6OLvaxeHcKVfhCsq9TBY+Nhnj0VUSxuwW/zp5IL:cSeq0LCWT/CJXBjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca393682771a2e0db98a09520b8e317170adee8994c45aa3763852f5857e8249

Files

ca393682771a2e0db98a09520b8e317170adee8994c45aa3763852f5857e8249
.sys windows:5 windows x64 arch:x64

d498f7f3bd2d3c549687a92f7440b17c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

S:\ScanProjects\trunk\BuildBkav4\BkavSysLib\x64\Release\SysLib4.pdb

Imports

ntoskrnl.exe

__C_specific_handler
KeReadStateEvent
ExAllocatePool
ExFreePoolWithTag
strncpy
strncat
wcsncmp
strrchr
wcsncpy
wcsrchr
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwClose
ZwQueryInformationFile
ZwOpenFile
RtlAppendUnicodeStringToString
RtlInitUnicodeString
ZwSetInformationFile
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetDeviceObjectPointer
_local_unwind
_stricmp
strstr
_strupr
tolower
wcsstr
ZwSetValueKey
_wcslwr
ZwQueryValueKey
wcsncat
ZwEnumerateKey
ZwQueryKey
ExAllocatePoolWithTag
ZwCreateKey
RtlFreeUnicodeString
RtlUnicodeStringToInteger
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strncmp
__chkstk
_strnicmp
InitSafeBootMode
_wcsnicmp
ZwOpenKey
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
KeSetEvent
IofCompleteRequest
_strlwr
PsTerminateSystemThread
MmIsAddressValid

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d498f7f3bd2d3c549687a92f7440b17c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 60KB - Virtual size: 59KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 60KB - Virtual size: 59KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 26KB - Virtual size: 25KB