2e8eba5dd5244f77b05a64b0dbf3b210N

General

Target

2e8eba5dd5244f77b05a64b0dbf3b210N
Size

39KB
MD5

2e8eba5dd5244f77b05a64b0dbf3b210
SHA1

06b0c963a9799c2cf8f4d6f731487af00eca75b0
SHA256

630aa01761562a8b15a6fb69dea9cd977f066a967eda894a50e6be8b660ed910
SHA512

9019f2438fa13050d183302d5ba7ea8041feb08c7e5f2e8ce4633b36072f9f0a63e294a6bf1e570e7d12b69ff1c3e2c0881cf11758f2b29f75feb8009e0da68c
SSDEEP

768:vO/QxOWRpNPFwE5tuTStnU0XKPRvmEc5k/Cn:2/cDZCEJxXKdmZa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e8eba5dd5244f77b05a64b0dbf3b210N

Files

2e8eba5dd5244f77b05a64b0dbf3b210N
.sys windows:5 windows x86 arch:x86

bceab9763b883ed66b048f78ee5877b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rootmdm.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IofCallDriver
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwClose
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
ExAllocatePoolWithTag
RtlInitUnicodeString
ExInitializeResourceLite
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
DbgBreakPoint
memmove
ExDeleteResourceLite
IoDetachDevice
KeWaitForSingleObject
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
PoRequestPowerIrp
KeLeaveCriticalRegion
ExReleaseResourceLite
ObfDereferenceObject
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeSetEvent

Sections

.text
Size: 384B - Virtual size: 282B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bceab9763b883ed66b048f78ee5877b7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 384B - Virtual size: 282B

.rdata Size: 256B - Virtual size: 208B

.data Size: 128B - Virtual size: 4B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 236B

.text
Size: 384B - Virtual size: 282B

.rdata
Size: 256B - Virtual size: 208B

.data
Size: 128B - Virtual size: 4B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 236B