cb0c3046b9d6ddf570cff0152129b7e0N[.]exe

General

Target

cb0c3046b9d6ddf570cff0152129b7e0N.exe
Size

7KB
MD5

cb0c3046b9d6ddf570cff0152129b7e0
SHA1

82bb2d025a8f960345ba0ba2abb20ad6bcf95f83
SHA256

20af33fe226fb805fe2e107519c00a252eb5ae8bb9e5f715a2cbb974e92faa9e
SHA512

38466a251223fa6514a13f1d2ea0d1eb1ed1a2af0ea8a0419bd07d2f4309f64c1263fce3c0cab5657840b2c472334d6cd1c353ef7b73c2ef53c7133b9d69ab26
SSDEEP

96:UXG+ZQ3ZE8QlmMB/IU7sgzacfMm20U/LGJ2j0W5EtR5my5BDYh7iPtWsWfYY:Sg3jQlmMNItkB2BzGJ2jeUAeePY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb0c3046b9d6ddf570cff0152129b7e0N.exe

Files

cb0c3046b9d6ddf570cff0152129b7e0N.exe
.sys windows:6 windows x86 arch:x86

1bf5e38d5f09f11211a321f77752e188

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\drv\he4\driver\objfre_wxp_x86\i386\ND.pdb

Imports

ntoskrnl.exe

ZwOpenKey
MmIsAddressValid
memcpy
IoDeleteDevice
ExfInterlockedRemoveHeadList
IoCreateDevice
IoFreeMdl
ZwClose
KefAcquireSpinLockAtDpcLevel
IoBuildPartialMdl
IoAllocateMdl
MmMapLockedPages
KeTickCount
KeBugCheckEx
ZwQueryKey
ZwEnumerateKey
ZwQueryValueKey
wcsncat
memset
RtlInitUnicodeString
ExAllocatePool
RtlAppendUnicodeToString
IoCreateSymbolicLink
IoDeleteSymbolicLink
ExFreePoolWithTag
ExfInterlockedInsertTailList
IoReleaseCancelSpinLock
IofCompleteRequest

hal

KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisAllocatePacketPool
NdisOpenAdapter
NdisFreePacketPool
NdisCloseAdapter
NdisReset
NdisRequest
NdisDeregisterProtocol
NdisFreePacket
NdisRegisterProtocol
NdisAllocatePacket

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 273B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bf5e38d5f09f11211a321f77752e188

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 384B - Virtual size: 273B

.data Size: 128B - Virtual size: 8B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 384B - Virtual size: 336B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 273B

.data
Size: 128B - Virtual size: 8B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 336B