da25b3a9413ab53e374cb67b15b89e90N[.]exe

General

Target

da25b3a9413ab53e374cb67b15b89e90N.exe
Size

12KB
MD5

da25b3a9413ab53e374cb67b15b89e90
SHA1

8a1611e2546038be04c375b4c0b56d0b336242d0
SHA256

233f2e67fb9cda0c1709ef6d372e615e778aba0434bf649898b66d8b5304e13f
SHA512

736b1fe28ad6c620f9ac5adec66cecf00c2f01a8bb2b783586341e4045288f277d5034ecfbf2958e98376b1ddedf7d4ac4f24659133036e4201a3fbd3fc38b08
SSDEEP

192:cA96Kzxi2TAyADnJKgYMIMrMDRYvFnuCXiQE6BIQn9Vc9S6t715m:AKA2TADm38JtnuCXiQE6BnnTv6tTm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da25b3a9413ab53e374cb67b15b89e90N.exe

Files

da25b3a9413ab53e374cb67b15b89e90N.exe
.sys windows:3 windows x86 arch:x86

432b489979fc778504de9d90f3a7fc93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

READ_REGISTER_USHORT
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
KeDelayExecutionThread
WRITE_REGISTER_BUFFER_UCHAR
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
ExFreePool
ZwClose
RtlCopyUnicodeString
MmLockPagableDataSection
READ_REGISTER_UCHAR
RtlQueryRegistryValues
IoCreateDevice
RtlAppendUnicodeStringToString
RtlCheckRegistryKey
RtlIntegerToUnicodeString
IofCompleteRequest
IoDeleteDevice
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
MmUnlockPagableImageSection
RtlAppendUnicodeToString
RtlInitUnicodeString
ExAllocatePoolWithTag
ZwOpenKey
KeInitializeSpinLock
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
memmove

hal

READ_PORT_UCHAR
WRITE_PORT_UCHAR
KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEDIGI
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDIGI
Size: 640B - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

432b489979fc778504de9d90f3a7fc93

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 512B - Virtual size: 502B

.data Size: 384B - Virtual size: 368B

PAGEDIGI Size: 5KB - Virtual size: 5KB

PAGEDIGI Size: 640B - Virtual size: 621B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 640B - Virtual size: 638B

.text
Size: 512B - Virtual size: 502B

.data
Size: 384B - Virtual size: 368B

PAGEDIGI
Size: 5KB - Virtual size: 5KB

PAGEDIGI
Size: 640B - Virtual size: 621B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 640B - Virtual size: 638B