6633595f92d0da4d2e50dac3d8253c8872475f2ec5c4d922dc8b58c612d8b3e4

Sharing

Copy URL Twitter E-mail

General

Target

6633595f92d0da4d2e50dac3d8253c8872475f2ec5c4d922dc8b58c612d8b3e4
Size

24KB
MD5

ab4fd56cb3b250d0764070e0bd73d03b
SHA1

f52b261abc1a080cd9217304a5933cb34a5a8c35
SHA256

6633595f92d0da4d2e50dac3d8253c8872475f2ec5c4d922dc8b58c612d8b3e4
SHA512

6181b4413c1d1c9e26266c98d5ae2cc3a0f14f0ff5118ac8e497b9ef9bfb7eeafc74e92011f43a79966a5bc42117f70bf565f0fbcf2077f147de7a76600bfe2b
SSDEEP

384:ZIvWsGIRcR1D3xYLXsokF5mBN9Sa+tmmz0Y0H+YWU3kigHvxEaUNlxxq2bXWAH:OesPqL2Z4yYCGU3kLJExRq2bmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6633595f92d0da4d2e50dac3d8253c8872475f2ec5c4d922dc8b58c612d8b3e4

Files

6633595f92d0da4d2e50dac3d8253c8872475f2ec5c4d922dc8b58c612d8b3e4
.sys windows:6 windows x64 arch:x64

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\dy\desktop\drv20240724\sys\objfre_win7_amd64\amd64\CHRU41X01.pdb

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmUnmapIoSpace
MmGetSystemRoutineAddress
IoGetDmaAdapter
DbgPrint
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ObReferenceObjectByHandleWithTag
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
MmMapIoSpace
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1024B - Virtual size: 988B

.data Size: 512B - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 492B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1024B - Virtual size: 988B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 492B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 96B