d53490225818523070cbbfd84111c0d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d53490225818523070cbbfd84111c0d0N.exe
Size

34KB
MD5

d53490225818523070cbbfd84111c0d0
SHA1

ff16a91b1fd8ae649f5df05660befb96e7aff82e
SHA256

aaf1e4fa8a543b3f0f087d22bb9b749f1e5073f98caf8bd5437d8ae911aad33c
SHA512

9678c4e25859469a8d5f29f5e2c93668110d12b5285e3a41e5cc3eba042db9872638574a845c298dbfa4d48d0a823d532bf718ccc8f059787154e1c89ea51d3c
SSDEEP

768:CmhpRxnMXzFL7HbKrI1zPiL6G+UAlP+FlHhsFDpn:bhp3MXzNHj122G+UAlAlB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d53490225818523070cbbfd84111c0d0N.exe

Files

d53490225818523070cbbfd84111c0d0N.exe
.sys windows:6 windows x86 arch:x86

bafaf09d8670f686cf9ad70495dfc0c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

blbdrive.pdb

Imports

ntoskrnl.exe

IoWMIWriteEvent
ExAllocatePoolWithTag
memcpy
memset
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlCompareMemory
IoWMIRegistrationControl
IofCompleteRequest
IofCallDriver
KeSetEvent
ZwClose
ZwFsControlFile
ZwOpenFile
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetAttachedDeviceReference
IoFileObjectType
ZwMapViewOfSection
ZwCreateSection
RtlInsertElementGenericTableAvl
ZwQueryVolumeInformationFile
RtlInitializeGenericTableAvl
ZwUnmapViewOfSection
RtlLookupElementGenericTableAvl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoAllocateIrp
ExFreePoolWithTag
IoFreeIrp
ZwReadFile
MmMapLockedPagesSpecifyCache
IoBuildPartialMdl
_alldiv
_allrem
_allshr
NtQueryInformationFile
IoInvalidateDeviceRelations
IoDeleteDevice
IoCreateDevice
swprintf_s
NtDuplicateObject
PsGetCurrentProcess
ObOpenObjectByPointer
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
ObfReferenceObject
DbgPrint
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
KeResetEvent
PsCreateSystemThread
IoAttachDeviceToDeviceStackSafe
IoReportDetectedDevice
KeTickCount
KeBugCheckEx
_allmul
IoAllocateMdl
ObReferenceObjectByHandle

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bafaf09d8670f686cf9ad70495dfc0c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 512B - Virtual size: 369B

.data Size: 1024B - Virtual size: 600B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 512B - Virtual size: 369B

.data
Size: 1024B - Virtual size: 600B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 2KB - Virtual size: 1KB