8798c46c5d0a84bf11a56091b525c4e94285c89c79f220918ede5ed3849025e1

Sharing

Copy URL Twitter E-mail

General

Target

8798c46c5d0a84bf11a56091b525c4e94285c89c79f220918ede5ed3849025e1
Size

33KB
MD5

add9765c8e67caf44f71370bf5212973
SHA1

d4dd3612dacb4426f0b94d8883d17e9b30820ed2
SHA256

8798c46c5d0a84bf11a56091b525c4e94285c89c79f220918ede5ed3849025e1
SHA512

75b828268d5e2194df293d54c0345ed0f9661e7e957125574e9a4a5741c8c13721341b961af62869847ceb88556d0b11ac34c058b38267fcd4b2f5baefde3b1e
SSDEEP

768:oo4DrFcdloTWtqTKv+hu8XZXc7OZrxuZDJihVJvmtjP:oo4DredHtqTEaLXhcMxaDJQXvojP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8798c46c5d0a84bf11a56091b525c4e94285c89c79f220918ede5ed3849025e1

Files

8798c46c5d0a84bf11a56091b525c4e94285c89c79f220918ede5ed3849025e1
.sys windows:5 windows x86 arch:x86

679024cb66cbebca687822c2fc89f9b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
memmove
ExAllocatePoolWithTag
ObfDereferenceObject
IoFreeIrp
KeWaitForSingleObject
IofCallDriver
IoGetRelatedDeviceObject
KeInitializeEvent
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IofCompleteRequest
IoAllocateIrp
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
RtlInitUnicodeString
_allmul
IoBuildDeviceIoControlRequest
RtlCopyUnicodeString
IoCreateDevice
ExDeleteResourceLite
IoFreeWorkItem
IoAllocateWorkItem
KeStackAttachProcess
KeInitializeSpinLock
MmBuildMdlForNonPagedPool
IoFreeMdl
IoAllocateMdl
KeCancelTimer
wcslen
RtlCompareUnicodeString
KeSetEvent
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ProbeForRead
ExGetPreviousMode
_except_handler3
ObfReferenceObject
MmProbeAndLockPages
ProbeForWrite
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
KeSetTimer
IoQueueWorkItem
KeInitializeTimer
KeInitializeDpc
KeTickCount
KeBugCheckEx
ZwCreateFile
ObReferenceObjectByHandle
ZwClose
KeUnstackDetachProcess
ExInitializeResourceLite
ExFreePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock

tdi.sys

TdiRegisterPnPHandlers
TdiDeregisterPnPHandlers

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��D7
Size: 1513.1MB - Virtual size: 922.0MB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

�+�f
Size: 1124.4MB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

ACACAAA
Size: 12KB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

679024cb66cbebca687822c2fc89f9b7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

tdi.sys

Sections

.text Size: 14KB - Virtual size: 14KB

������D7 Size: 1513.1MB - Virtual size: 922.0MB

�+�f Size: 1124.4MB - Virtual size:

ACACAAA Size: 12KB - Virtual size: 16.0MB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

��D7
Size: 1513.1MB - Virtual size: 922.0MB

�+�f
Size: 1124.4MB - Virtual size:

ACACAAA
Size: 12KB - Virtual size: 16.0MB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1KB - Virtual size: 1KB