38dba5eb4430fc1f844a0e4185e01b04f31a0bb91a426b60f5fd811a103af4b2

Sharing

Copy URL Twitter E-mail

General

Target

38dba5eb4430fc1f844a0e4185e01b04f31a0bb91a426b60f5fd811a103af4b2
Size

28KB
MD5

87930cf93a24ef0db2a8f812e6f2936b
SHA1

cd45760f2f0de1eebd97b0dec432fd6656eb18d7
SHA256

38dba5eb4430fc1f844a0e4185e01b04f31a0bb91a426b60f5fd811a103af4b2
SHA512

f74acd2b8c260d2337789ef58c70c88a946911ba606e0e368b8f41d3e253951530b7cdc96a676aabc1854004152aae98bcf0bb8ce4c8fd40241a7c89f383113d
SSDEEP

384:4+Ws2Mp12YLRE8bDIr6OCPZbDsBpUnkY0Hlv3rcYWXL3yLF5JYqRZ5qcxK91O+Yn:4bs5DLza3xYCVrvWXLiLF5JhFBK9R4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38dba5eb4430fc1f844a0e4185e01b04f31a0bb91a426b60f5fd811a103af4b2

Files

38dba5eb4430fc1f844a0e4185e01b04f31a0bb91a426b60f5fd811a103af4b2
.sys windows:6 windows x64 arch:x64

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\dy\desktop\123213\drv20240724\sys\objfre_win7_amd64\amd64\CHRU41X01.pdb

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmUnmapIoSpace
MmGetSystemRoutineAddress
IoGetDmaAdapter
DbgPrint
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ObReferenceObjectByHandleWithTag
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
MmMapIoSpace
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 588B

PAGE Size: 6KB - Virtual size: 6KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 588B

PAGE
Size: 6KB - Virtual size: 6KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 96B