e2aee7411b84911c70b8a41816839250N[.]exe

General

Target

e2aee7411b84911c70b8a41816839250N.exe
Size

14KB
MD5

e2aee7411b84911c70b8a41816839250
SHA1

c5b7664662183907ef9dd4d688e913e8e3464f75
SHA256

4c6d0af8682ce199601ae9a65958220ebc4249f26a0e16da8c108e6c5d6e2730
SHA512

7cee52583b3930d144697f1b426688d6337ef16b821804650dfe6232de096a8e0f77ddafcf8b2fc4fccbe1b9f69e1fb08047f3d623527db90997a836a3057c21
SSDEEP

384:TiDeaMdXYtcj5xHO+KeS9/19rsL0zxnLHXaRmtLmWIef:/dXOcjLO+Kb9rvzxL3aqEef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2aee7411b84911c70b8a41816839250N.exe

Files

e2aee7411b84911c70b8a41816839250N.exe
.sys windows:3 windows x86 arch:x86

9a4754b2ce6aff9bf66426a4c482d559

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IofCallDriver
ExAllocatePoolWithTag
ExfInterlockedPopEntryList
RtlCompareMemory
IoGetDeviceObjectPointer
RtlAnsiStringToUnicodeString
RtlInitString
sprintf
IoGetConfigurationInformation
ZwClose
ZwSetValueKey
RtlInitUnicodeString
RtlFreeUnicodeString
ZwOpenKey
IoDeleteDevice
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ExFreePool
IoSetHardErrorOrVerifyDevice
IoFreeIrp
InterlockedDecrement
IoAllocateIrp
ExfInterlockedAddUlong
ExfInterlockedPushEntryList
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoFreeMdl
MmUnlockPages
KeDelayExecutionThread
IoWriteErrorLogEntry
RtlExtendedIntegerMultiply
IoAllocateErrorLogEntry
MmBuildMdlForNonPagedPool
IoAllocateMdl
InterlockedIncrement
ObReferenceObjectByPointer
ObfDereferenceObject

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a4754b2ce6aff9bf66426a4c482d559

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 7KB

PAGE Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 544B - Virtual size: 520B

.text
Size: 7KB - Virtual size: 7KB

PAGE
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 544B - Virtual size: 520B