1528a5d276a4ce2277b433a9f0ebe4a0N

Sharing

Copy URL Twitter E-mail

General

Target

1528a5d276a4ce2277b433a9f0ebe4a0N
Size

779KB
MD5

1528a5d276a4ce2277b433a9f0ebe4a0
SHA1

fd0dfb9d894a873888d8bc65cad9accdd491b55b
SHA256

805007919c216d094b7ac7720cc537268df9be3db511f84d47cff096c81d7b08
SHA512

a767e791b9b8f6790825b2f682be54fb609736aa5abe1bfcd60a4192824877d12ef9fdef794d5bb9c2e1f7a2366358c659cb61ae63c2f4d96b2ec3b9e2a2df5a
SSDEEP

1536:ucHgy4ZAkKxkv3Rec/RNJqcR4Vpv9suU1c4+F6tzxi4L41sirrmCPuejnfy/0Q3X:JxkXvDw7vtHy/0gGRLJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1528a5d276a4ce2277b433a9f0ebe4a0N

Files

1528a5d276a4ce2277b433a9f0ebe4a0N
.sys windows:6 windows x86 arch:x86

90dff60d093cff4c8302ade59293ddaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\7600.16385.1\src\filesys\minifilter\minispy\filter\objfre_wxp_x86\i386\WM7F.pdb

Imports

ntoskrnl.exe

RtlSetDaclSecurityDescriptor
ExInitializeNPagedLookasideList
PsGetVersion
ExInterlockedPushEntrySList
ExAllocatePoolWithTag
KeTickCount
KeBugCheckEx
ExFreePoolWithTag
RtlUnicodeStringToInteger
ZwOpenKey
ZwQueryValueKey
ZwCreateKey
ZwSetValueKey
_wcsupr
wcsstr
RtlIntegerToUnicodeString
memcpy
RtlCompareMemory
wcschr
RtlAppendUnicodeStringToString
memset
RtlFreeUnicodeString
RtlInitUnicodeString
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlUpcaseUnicodeString
RtlCopyUnicodeString
ZwClose
RtlCompareUnicodeString
ExDeleteNPagedLookasideList
RtlUnwind

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

fltmgr.sys

FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltStartFiltering
FltGetRequestorProcessId
FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltGetDestinationFileNameInformation
FltGetInstanceContext
FltAllocateContext
FltReleaseContext
FltGetVolumeProperties
FltSetInstanceContext
FltCloseCommunicationPort
FltUnregisterFilter
FltCloseClientPort

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90dff60d093cff4c8302ade59293ddaa

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 680KB - Virtual size: 680KB

PAGE Size: 10KB - Virtual size: 10KB

INIT Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 680KB - Virtual size: 680KB

PAGE
Size: 10KB - Virtual size: 10KB

INIT
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 7KB