5b4b2c30fda59d71e2e73af82710e338d4069b89adbe1b8757cdd7a15265ea92

Sharing

Copy URL Twitter E-mail

General

Target

5b4b2c30fda59d71e2e73af82710e338d4069b89adbe1b8757cdd7a15265ea92
Size

3.1MB
MD5

e3ab8bf73624162042fce91f905961a2
SHA1

eb34b605d492b116b5ca9228c27da9559c2023da
SHA256

5b4b2c30fda59d71e2e73af82710e338d4069b89adbe1b8757cdd7a15265ea92
SHA512

9ecb43bb7b6986bbbc060ee21fb073ba2051272215738b2d6d6681f0ac9cefcd42b2fbd7dddfbfe44207ceb8b952f7d20dd0278915bd53593fc3bf6ebe5d4668
SSDEEP

49152:5r36zcKKCaFbPTXjclofzlI3sbPoUANmGSBQjj0t4r/X7AM7CcIUIZ+6OkDK0S+h:5r+cpCa1PwAzZMUb2jjHz23UISpOh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b4b2c30fda59d71e2e73af82710e338d4069b89adbe1b8757cdd7a15265ea92

Files

5b4b2c30fda59d71e2e73af82710e338d4069b89adbe1b8757cdd7a15265ea92
.sys windows:10 windows x64 arch:x64

959b24886c3c3f7c2b4882aff8432933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI

ntoskrnl.exe

strtok_s
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ABCD0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ABCD1
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ABCD2
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959b24886c3c3f7c2b4882aff8432933

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 15KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 260B

.pdata Size: - Virtual size: 804B

INIT Size: - Virtual size: 1KB

.ABCD0 Size: - Virtual size: 1.8MB

.ABCD1 Size: 1024B - Virtual size: 656B

.ABCD2 Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 512B - Virtual size: 208B

.text
Size: - Virtual size: 15KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 260B

.pdata
Size: - Virtual size: 804B

INIT
Size: - Virtual size: 1KB

.ABCD0
Size: - Virtual size: 1.8MB

.ABCD1
Size: 1024B - Virtual size: 656B

.ABCD2
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 512B - Virtual size: 208B