5841fac55aafebdca66d796835e0b2a0N

General

Target

5841fac55aafebdca66d796835e0b2a0N
Size

72KB
MD5

5841fac55aafebdca66d796835e0b2a0
SHA1

8c1fd076d46b7fa8de3aa6338e4263e32f8ddae3
SHA256

5af630f3a6aa141d44144be4061169aee30c895d322816d8030b6579b8dee6ff
SHA512

8dfeeedd48987b257bcdd711af8a9ff9ffb902d54523e7642eb191c1733af9a2aeed5f10b70e09891cbb4af5e4c7bdb37bf8da10bba9cd744246d70316d2a345
SSDEEP

1536:VvH2tops9L/Ao0Fzq0Oo+84yNz4Gd12ve5+NThYKDtydkyWGqsv:RH2qe/AhQ0aEV2vA+NThYKDsdkyWGqM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5841fac55aafebdca66d796835e0b2a0N

Files

5841fac55aafebdca66d796835e0b2a0N
.sys windows:6 windows x86 arch:x86

237db9234ce1e218e8729d83e5069e11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

KeEnterCriticalRegion
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsGetVersion
IofCompleteRequest
PsRemoveCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoDeleteSymbolicLink
swprintf
RtlRandom
KeQuerySystemTime
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateThreadNotifyRoutine
ZwQuerySystemInformation
ZwReadFile
ZwClose
ZwQueryInformationFile
KeLeaveCriticalRegion
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strrchr
KeServiceDescriptorTable
MmIsAddressValid
memset
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenDirectoryObject
KeTickCount
KeBugCheckEx
ExFreePoolWithTag
ZwOpenFile
ExAllocatePoolWithTag

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

$;P4nQ2<
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

G3Blt6%2
Size: 512B - Virtual size: 299B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

]<!+mS4I
Size: 512B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oS/tvd&j
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

G:C0"wFU
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

#NGx4cob
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

237db9234ce1e218e8729d83e5069e11

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

$;P4nQ2< Size: 4KB - Virtual size: 3KB

G3Blt6%2 Size: 512B - Virtual size: 299B

]<!+mS4I Size: 512B - Virtual size: 540B

oS/tvd&j Size: 3KB - Virtual size: 3KB

G:C0"wFU Size: 61KB - Virtual size: 60KB

#NGx4cob Size: 2KB - Virtual size: 1KB

$;P4nQ2<
Size: 4KB - Virtual size: 3KB

G3Blt6%2
Size: 512B - Virtual size: 299B

]<!+mS4I
Size: 512B - Virtual size: 540B

oS/tvd&j
Size: 3KB - Virtual size: 3KB

G:C0"wFU
Size: 61KB - Virtual size: 60KB

#NGx4cob
Size: 2KB - Virtual size: 1KB