f6d06ab9bff5cb4e756e1d8afd6fad7e90ab3b71b085eb00f49a0cf6388d05cc

Sharing

Copy URL

Twitter E-mail

General

Target

f6d06ab9bff5cb4e756e1d8afd6fad7e90ab3b71b085eb00f49a0cf6388d05cc
Size

5.8MB
MD5

51015994fe60843a809cb65ff57c07a6
SHA1

8c46c31a50e9ea8870233819ac8d385533b3c2f4
SHA256

f6d06ab9bff5cb4e756e1d8afd6fad7e90ab3b71b085eb00f49a0cf6388d05cc
SHA512

8996740e11baf4374d1fa3679ed0ef877cdf5eb703a1809d0f3f5d69e5b0f190a3705511bc2adaf2bf8badcaf23ee671b328d4d7d0a9d6158611ac2662197a21
SSDEEP

98304:JHHYNs9U9Da0cIEjdw3nbTUvLavpJ0/CGdbX:BHYN6U98rdIn9RidbX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6d06ab9bff5cb4e756e1d8afd6fad7e90ab3b71b085eb00f49a0cf6388d05cc

Files

f6d06ab9bff5cb4e756e1d8afd6fad7e90ab3b71b085eb00f49a0cf6388d05cc
.sys windows:6 windows x64 arch:x64

a15c9ce4867da1a31f97c96431dd06f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePool
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

fwpkclnt.sys

FwpmEngineOpen0

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vlizer
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a15c9ce4867da1a31f97c96431dd06f4

Headers

File Characteristics

Imports

ntoskrnl.exe

fwpkclnt.sys

hal

Sections

.text Size: - Virtual size: 69KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 136KB

.pdata Size: - Virtual size: 1KB

INIT Size: - Virtual size: 4KB

.text0 Size: - Virtual size: 1.7MB

.text1 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: - Virtual size: 180B

.vm_sec Size: 40KB - Virtual size: 40KB

.vlizer Size: 2.9MB - Virtual size: 2.9MB

.text
Size: - Virtual size: 69KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 136KB

.pdata
Size: - Virtual size: 1KB

INIT
Size: - Virtual size: 4KB

.text0
Size: - Virtual size: 1.7MB

.text1
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: - Virtual size: 180B

.vm_sec
Size: 40KB - Virtual size: 40KB

.vlizer
Size: 2.9MB - Virtual size: 2.9MB