c3e96a55157593ec72a46b173a09100225521a496007a6f53544953967c621b0

General

Target

c3e96a55157593ec72a46b173a09100225521a496007a6f53544953967c621b0
Size

261KB
MD5

f512716e66d679dcb2070f81137d5dfe
SHA1

c453c8b18e7587900ec50d43d7f419505ca72988
SHA256

c3e96a55157593ec72a46b173a09100225521a496007a6f53544953967c621b0
SHA512

dd2b765486a0417ae1c1ffdacdfc41c91a45ad1847bbfce50e9ef56e05c92cea66c23f4f13d2258ea8278266d5394d68dd86984da90656a176012b49088e6b79
SSDEEP

6144:FzTIa/BU4nCU1sXFOKPRC82h1ubUmE6iFNTw2n1V:d/BU4nCU1sXFOKPRC8emEFFNT31V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3e96a55157593ec72a46b173a09100225521a496007a6f53544953967c621b0

Files

c3e96a55157593ec72a46b173a09100225521a496007a6f53544953967c621b0
.dll windows:4 windows x86 arch:x86

3ac1494885dce983024d9007885b0c77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeGetCurrentThread
KeReadStateTimer
KeQuerySystemTime
KeSetEvent
ZwClose
ZwQueryValueKey
RtlTimeFieldsToTime
KeSetTimer
IoDeleteDevice
IoDeleteSymbolicLink
KeCancelTimer
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
memcpy
KeInitializeSpinLock
memset
strlen
RtlUnwind
memmove
strchr
KeWaitForSingleObject
KeInitializeTimer
IofCallDriver
ZwOpenKey
IofCompleteRequest
KeResetEvent

hal

KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql

ndis.sys

NdisFreeMemory
NdisSetTimer
NdisInitializeEvent
NdisInitializeTimer
NdisWaitEvent
NdisResetEvent
NdisAllocateMemory

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ac1494885dce983024d9007885b0c77

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 38KB - Virtual size: 252KB

.data1 Size: 1024B - Virtual size: 768B

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 38KB - Virtual size: 252KB

.data1
Size: 1024B - Virtual size: 768B

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 7KB