f1c6779083db07ef22723d7f1c338410N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f1c6779083db07ef22723d7f1c338410N.exe
Size

109KB
MD5

f1c6779083db07ef22723d7f1c338410
SHA1

d5d1048d90939e3518f296c9c6db5515786ce1e5
SHA256

6a849b2d05faa852f496914bfc1462898858aa673a1ebbcb07f82d356c8d1815
SHA512

eff28fea7c100f708f7932cf825755a3bdf3189de4ae6d9c82e9c5a05e5aa932dcd25efc35a93b11daec10db9f4816e03f5a88c9b4c654a1adcfc8fc4dc230f2
SSDEEP

1536:76ZiQsXhV/Eq6mIJvKqzDe/ubFH7+yGgq9BrZ+gp:76cQsP/Eq6mKCqzYubt7+ymDL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1c6779083db07ef22723d7f1c338410N.exe

Files

f1c6779083db07ef22723d7f1c338410N.exe
.sys windows:6 windows x86 arch:x86

2fea96f736b8e70ec1975c73e3c905f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Project\xSpeed专业版\内核层\xSpeed\Win7Release\x86.pdb

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
sprintf
memcpy
memset
RtlGetVersion
KeDelayExecutionThread
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeWaitForSingleObject
PsCreateSystemThread
PsTerminateSystemThread
PsLookupThreadByThreadId
rand
srand
KeTickCount
KeGetCurrentThread
DbgPrint
KeSetEvent
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IoFileObjectType
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
KeBugCheckEx
RtlUnwind
RtlInitUnicodeString
_allmul
_alldiv
KeInitializeEvent

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel
KeQueryPerformanceCounter
KeGetCurrentIrql

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fea96f736b8e70ec1975c73e3c905f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 500B

.data Size: 512B - Virtual size: 248B

PAGE Size: 1024B - Virtual size: 672B

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 96KB - Virtual size: 96KB

.reloc Size: 1024B - Virtual size: 644B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 500B

.data
Size: 512B - Virtual size: 248B

PAGE
Size: 1024B - Virtual size: 672B

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 96KB - Virtual size: 96KB

.reloc
Size: 1024B - Virtual size: 644B