84899b8243851464835886f7b05504c5e84c8e5eb4769715d544889b5494acb7

Sharing

Copy URL Twitter E-mail

General

Target

84899b8243851464835886f7b05504c5e84c8e5eb4769715d544889b5494acb7
Size

24KB
MD5

20e7146b2afaa05d84137d3745326101
SHA1

1cb36717c104e6b24b91bc36df9fca0fc40d5fe8
SHA256

84899b8243851464835886f7b05504c5e84c8e5eb4769715d544889b5494acb7
SHA512

1fec38cc8c94fd819dfc098475499018eaf31b9e18d98eadac86db26b15bfc6d696e65b59428a6f7a9c81abd700fe07c43ee054f34fe6fc071c1d6c98de12435
SSDEEP

384:+I/WsmIRcR1DjAE8rLCs0kll1HP8t2WjUY0H+YWTZcCQ3vyaU9lxxq27XWAH:VusvqPcLE40CYCGTZc76BRq27mg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84899b8243851464835886f7b05504c5e84c8e5eb4769715d544889b5494acb7

Files

84899b8243851464835886f7b05504c5e84c8e5eb4769715d544889b5494acb7
.sys windows:6 windows x64 arch:x64

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\dy\desktop\drv20240724\sys\objfre_win7_amd64\amd64\CHRU41X01.pdb

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmUnmapIoSpace
MmGetSystemRoutineAddress
IoGetDmaAdapter
DbgPrint
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ObReferenceObjectByHandleWithTag
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
MmMapIoSpace
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aca2992c3768f663cbd3563de5671d9

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1024B - Virtual size: 988B

.data Size: 512B - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 492B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1024B - Virtual size: 988B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 492B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 96B