cde156dbcd74147b96971a53144392b0N[.]exe

General

Target

cde156dbcd74147b96971a53144392b0N.exe
Size

744KB
MD5

cde156dbcd74147b96971a53144392b0
SHA1

8f1ffe28d810941bd4ef72ba9e749a7d5e82e980
SHA256

321054c82346ce200ef919209228af8f25aa93729850202d33cd553f3d435176
SHA512

ede017229403a5d0c5b41e82b3cf6c0349fcef40fa156d42858ff7ea4d5a68aa1bc14fd6524fcf7c1697e870f7302effdb59648f06b2f69a681ce3c99ae016b0
SSDEEP

12288:jqpfT2p5Py/sITYaag6TYJs8G5O0keWzU0ZtkFLV2FPFBOBh9RNLFQprmJgOEMzN:jqpfT2Dy/NZD7ZPXwMPj+fFQQJ9dz7h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cde156dbcd74147b96971a53144392b0N.exe

Files

cde156dbcd74147b96971a53144392b0N.exe
.sys windows:4 windows x86 arch:x86

ce473486c89230404d23a72d009319c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeWaitForSingleObject
KeInitializeEvent
IofCallDriver
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
ZwQueryValueKey
IoFreeIrp
ObfDereferenceObject
IoAttachDeviceToDeviceStack
IoDetachDevice
RtlFreeUnicodeString
ZwOpenKey
RtlCopyUnicodeString
IoFreeMdl
KeInitializeTimer
IoBuildDeviceIoControlRequest
IoWMIRegistrationControl
KeClearEvent
PoSetPowerState
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
IoGetDeviceProperty
KeInsertQueueDpc
IoReleaseCancelSpinLock
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoAllocateErrorLogEntry
IoDeleteSymbolicLink
IoAcquireRemoveLockEx
ObfReferenceObject
ZwCreateKey
KeReleaseMutex
RtlAppendUnicodeStringToString
IoCreateSymbolicLink
_vsnprintf
IoGetAttachedDeviceReference
ExInitializeNPagedLookasideList
IoDisconnectInterrupt
IoConnectInterrupt
RtlWriteRegistryValue
ZwQuerySystemInformation
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
_snprintf
IoCreateDevice

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce473486c89230404d23a72d009319c1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 312KB - Virtual size: 312KB

.rdata Size: 512B - Virtual size: 265B

.data Size: 13KB - Virtual size: 12KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 414KB - Virtual size: 414KB

.text
Size: 312KB - Virtual size: 312KB

.rdata
Size: 512B - Virtual size: 265B

.data
Size: 13KB - Virtual size: 12KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 414KB - Virtual size: 414KB