a9f9e2355efe3ba2065d80f60fa399e0383a4fa44a25d638d4645ddda5ae859e[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a9f9e2355efe3ba2065d80f60fa399e0383a4fa44a25d638d4645ddda5ae859e.exe
Size

3.6MB
MD5

7aeeffcb70755c75256a1ac6134d88a9
SHA1

8b11c364c5bb8a8e677023ed3d2dd1ca2bc1efaa
SHA256

a9f9e2355efe3ba2065d80f60fa399e0383a4fa44a25d638d4645ddda5ae859e
SHA512

3496b824a47059efc9620b6715d9b3f54c5cccd8ed5e49d5a9f3f7c024a1b1bc5d323ecb75268cbc4d91053783b830573bf1c8e93e7e5ca4f1f704f36e109e68
SSDEEP

98304:hPLxgfsEiAxEzew7rx2EsYO+PWl5AWTyRdJ/+O:hPNQkdew7l5xLWl5Awq2O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9f9e2355efe3ba2065d80f60fa399e0383a4fa44a25d638d4645ddda5ae859e.exe

Files

a9f9e2355efe3ba2065d80f60fa399e0383a4fa44a25d638d4645ddda5ae859e.exe
.sys windows:10 windows x64 arch:x64

06a07f6506855e9a155d3f624607c82c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlGetVersion
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

wdfldr.sys

WdfVersionUnbind

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 622B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DD0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DD1
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DD2
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06a07f6506855e9a155d3f624607c82c

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

hal

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 716B

.pdata Size: - Virtual size: 192B

INIT Size: - Virtual size: 622B

.DD0 Size: - Virtual size: 2.2MB

.DD1 Size: 1024B - Virtual size: 728B

.DD2 Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 512B - Virtual size: 176B

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 716B

.pdata
Size: - Virtual size: 192B

INIT
Size: - Virtual size: 622B

.DD0
Size: - Virtual size: 2.2MB

.DD1
Size: 1024B - Virtual size: 728B

.DD2
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 512B - Virtual size: 176B