e8e3e56eb639618192c60db89ae6217f66949d8ffbd8b790859d3e8e242ff72a

Sharing

Copy URL Twitter E-mail

General

Target

e8e3e56eb639618192c60db89ae6217f66949d8ffbd8b790859d3e8e242ff72a
Size

273KB
MD5

00c4087703064ab0e328bb540e5234f0
SHA1

ba999d38dc7e5b1356d9ed4e852c680e153c0613
SHA256

e8e3e56eb639618192c60db89ae6217f66949d8ffbd8b790859d3e8e242ff72a
SHA512

3fb3fd623558a6981d0a5140cf024e0e141d805de7edbe5797e30db07a7740159fa4af5b56effd8ab9c870d3ebc8c3b12e88fd02e0db781c1bc1e3a3bbdb4f4a
SSDEEP

6144:SOelW7lDHEIpGZr1SVInD99aICr5cKtI7P+YW0/p:SOeE7BEtqqnDvZCt/EP+Yxh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8e3e56eb639618192c60db89ae6217f66949d8ffbd8b790859d3e8e242ff72a

Files

e8e3e56eb639618192c60db89ae6217f66949d8ffbd8b790859d3e8e242ff72a
.sys windows:10 windows x64 arch:x64

17377c9ab805454a4c5c5db2c94fb901

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Intel\Developer\8813\p4\989747040\drivers\TeeDriver\TEEDriver\GscHeci2release\TEEDriverGscW8x64.pdb

Imports

ksecdd.sys

SecLookupWellKnownSid

wpprecorder.sys

WppAutoLogStop
imp_WppRecorderLogGetDefault
imp_WppRecorderIsDefaultLogAvailable
imp_WppRecorderConfigure
WppAutoLogStart
WppAutoLogTrace
imp_WppRecorderReplay

ntoskrnl.exe

ZwOpenProcessTokenEx
ZwQueryInformationToken
memmove_s
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
RtlGUIDFromString
KeSetEvent
EtwWriteTransfer
RtlGetVersion
KeDelayExecutionThread
KeInitializeEvent
KeClearEvent
RtlValidSid
MmGetSystemRoutineAddress
IoWMIRegistrationControl
EtwRegister
EtwUnregister
KeReadStateEvent
KeWaitForMultipleObjects
MmMapIoSpace
MmUnmapIoSpace
PoUnregisterPowerSettingCallback
KeWaitForSingleObject
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeGetCurrentIrql
ZwPowerInformation
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlAnsiCharToUnicodeChar
RtlEqualSid
RtlCopyUnicodeString
DbgPrintEx
ZwClose
ExFreePoolWithTag
ExAllocatePoolWithTag
KeResetEvent

wdfldr.sys

WdfVersionUnbindClass
WdfVersionUnbind
WdfVersionBindClass
WdfVersionBind

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17377c9ab805454a4c5c5db2c94fb901

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ksecdd.sys

wpprecorder.sys

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 4KB

PAGE Size: 18KB - Virtual size: 17KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 512B - Virtual size: 132B

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 4KB

PAGE
Size: 18KB - Virtual size: 17KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 132B