3b36345838b8e278fa5a4e3b3e5b2b47dbb68766382fea00efdcc133e0556927

Sharing

Copy URL Twitter E-mail

General

Target

3b36345838b8e278fa5a4e3b3e5b2b47dbb68766382fea00efdcc133e0556927
Size

6.8MB
MD5

58093594dae346bf680e7a069f0ce7df
SHA1

33ab8f0967654c81b98cef89cf08cb8570a62dee
SHA256

3b36345838b8e278fa5a4e3b3e5b2b47dbb68766382fea00efdcc133e0556927
SHA512

3a27a51626f52d08b4ed304f79e359247e7f8af768aabd79c7f1ef4dcc4deda351cf8f0495feb5e51a31ab298c29b82d9ad88ec284a4fb34018c9c494423a1e2
SSDEEP

98304:dlqfYXHANPPk0TgYQvqYflu5dC2TaiX+YR4Vgvz2rm1QTTh9pQzf3srnIstaVX7Z:KfYHv0Tg/vqkqdCJiXUQQTF92crXt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b36345838b8e278fa5a4e3b3e5b2b47dbb68766382fea00efdcc133e0556927

Files

3b36345838b8e278fa5a4e3b3e5b2b47dbb68766382fea00efdcc133e0556927
.sys windows:10 windows x64 arch:x64

1e3b34404e0fe570d59674f9ffc8a561

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__chkstk
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bp0
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bp1
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bp2
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e3b34404e0fe570d59674f9ffc8a561

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 584B

.pdata Size: - Virtual size: 720B

INIT Size: - Virtual size: 1KB

.bp0 Size: - Virtual size: 3.9MB

.bp1 Size: 1024B - Virtual size: 648B

.bp2 Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 512B - Virtual size: 268B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 584B

.pdata
Size: - Virtual size: 720B

INIT
Size: - Virtual size: 1KB

.bp0
Size: - Virtual size: 3.9MB

.bp1
Size: 1024B - Virtual size: 648B

.bp2
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 512B - Virtual size: 268B