556fd4f030b8bfe4fe28d8660f13ba9370ddde9fae7cec12f07935b731d44a87

Sharing

Copy URL Twitter E-mail

General

Target

556fd4f030b8bfe4fe28d8660f13ba9370ddde9fae7cec12f07935b731d44a87
Size

24KB
MD5

9fa99d484ac1a44a60811a65bbc89188
SHA1

9ebb7744402f076276ccd5c7df6ea9c0a88adfe1
SHA256

556fd4f030b8bfe4fe28d8660f13ba9370ddde9fae7cec12f07935b731d44a87
SHA512

494ec01ef8b6086665801e3d96ff14f39290166ce577dbe1f5d3718ee19024585bdb13f7c482ea68bcff34422b8f3fc8ed5f266bbd3007bc54f716cc931ece52
SSDEEP

384:FDWs/8Y51AQD/7E8SHsYkFUcjLttzWjUY0H+A7ZUrOwIVSXmNCuvzrEx0DWz+TH:FSsDrIZsZRYCJurnS7K0DI2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556fd4f030b8bfe4fe28d8660f13ba9370ddde9fae7cec12f07935b731d44a87

Files

556fd4f030b8bfe4fe28d8660f13ba9370ddde9fae7cec12f07935b731d44a87
.sys windows:6 windows x64 arch:x64

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\dy\desktop\drv20240724\sys\objfre_win7_amd64\amd64\CHRU41X01.pdb

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmUnmapIoSpace
MmGetSystemRoutineAddress
IoGetDmaAdapter
DbgPrint
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ObReferenceObjectByHandleWithTag
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
MmMapIoSpace
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1024B - Virtual size: 1004B

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 516B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1024B - Virtual size: 1004B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 516B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 96B