26cf5800f2f74aa2a0aea53150b1d212fe177f8f13eb622ed31c9513e5b5e72e

General

Target

26cf5800f2f74aa2a0aea53150b1d212fe177f8f13eb622ed31c9513e5b5e72e
Size

26KB
MD5

d5d81829b04411c926121715189ceb2d
SHA1

29105f0579a973b4c93c48940562a0696112579b
SHA256

26cf5800f2f74aa2a0aea53150b1d212fe177f8f13eb622ed31c9513e5b5e72e
SHA512

1e9cbe7eb162726bf3c2de4cc911b0be053b3b5a00cda07d59d640fb00a60e44791413c9529e9f992d3ac90082559b316e52e014e137865f4f82ae8b046343e2
SSDEEP

384:ZLWsKfvDjaNYpe6KziHgZ4UFRbIhvCk41kY0HEx5q+m1SRd/I57ex6dn9m:ZasQ+6KzPPnbavfYCEzq+1eJvdo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cf5800f2f74aa2a0aea53150b1d212fe177f8f13eb622ed31c9513e5b5e72e

Files

26cf5800f2f74aa2a0aea53150b1d212fe177f8f13eb622ed31c9513e5b5e72e
.sys windows:6 windows x64 arch:x64

87d6838b92cd003e5e07f971edf729fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\dy\desktop\DvrINF\amd64\CHR44X05.pdb

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmUnmapIoSpace
MmMapIoSpace
KeAcquireSpinLockRaiseToDpc
MmGetSystemRoutineAddress
KeSetEvent
IoGetDmaAdapter
ObReferenceObjectByHandle
ExEventObjectType
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
KeReleaseSpinLock
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87d6838b92cd003e5e07f971edf729fd

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 1012B

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 636B

PAGE Size: 6KB - Virtual size: 5KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 792B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 1012B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 636B

PAGE
Size: 6KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 792B

.reloc
Size: 512B - Virtual size: 96B