89156c2a3547858ae731295d7788224dcdceb7a9eec69d706e8e11e16fff4dcb

Sharing

Copy URL

Twitter E-mail

General

Target

89156c2a3547858ae731295d7788224dcdceb7a9eec69d706e8e11e16fff4dcb
Size

809KB
MD5

44ff868edd24231050d90485c9ee9b9b
SHA1

06fd03fb493da63a6badc435935c9a0f1181afde
SHA256

89156c2a3547858ae731295d7788224dcdceb7a9eec69d706e8e11e16fff4dcb
SHA512

7569365020742442466d36f8ed057c5377cc43d338a9e3d846e5f5dc3f3f621aeca2c66ddd554d1a8c5aa9581e73bccebc1b22134d880b61f081b8c4e36d6e6d
SSDEEP

6144:uTn+Rwzd03mb8Qdry6bQfrn5Uwbwj/C4gaA1d+Pu/O7F5uVDOTzpoUjdHNDuxukV:uT+RwZ0wIg9yn8R57e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89156c2a3547858ae731295d7788224dcdceb7a9eec69d706e8e11e16fff4dcb

Files

89156c2a3547858ae731295d7788224dcdceb7a9eec69d706e8e11e16fff4dcb
.sys windows:10 windows x64 arch:x64

7ad3066fef269b0369736567b92ca4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ACE-DYNGAME.pdb

Imports

fltmgr.sys

FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation

ntoskrnl.exe

MmIsAddressValid
PsGetCurrentProcessId
RtlInitUnicodeString
DbgPrint
KeInitializeEvent
KeSetEvent
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeWaitForSingleObject
KeGetCurrentProcessorNumberEx
ExAllocatePool
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwOpenFile
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
ExAllocatePoolWithTag
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
ZwUnloadDriver
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
PsGetCurrentThreadId
__C_specific_handler
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
RtlEqualUnicodeString
KeClearEvent
KeReadStateEvent
CmRegisterCallback
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutineEx
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
KeDelayExecutionThread
KeQueryTimeIncrement
MmGetSystemRoutineAddress
PsGetProcessId
PsGetThreadProcessId
PsGetProcessPeb
PsInitialSystemProcess
MmMapIoSpace
MmUnmapIoSpace
RtlInt64ToUnicodeString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeToString
IoCreateFile
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
IoGetBaseFileSystemDeviceObject
IoFileObjectType
RtlUnicodeStringToAnsiString
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
MmGetPhysicalAddress
KeNumberProcessors
ZwOpenKey
ZwDeleteKey
ZwQueryValueKey
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
PsGetThreadProcess
IoGetCurrentProcess
KeBugCheck
ZwEnumerateKey
RtlCompareUnicodeString
PsGetProcessWow64Process
RtlInsertElementGenericTableFullAvl
MmGetVirtualForPhysical
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlCompareString
MmBuildMdlForNonPagedPool
PsThreadType
ZwQueryObject
RtlAnsiCharToUnicodeChar
ZwCreateSection
ZwQuerySystemInformation
KeBugCheckEx
RtlCopyUnicodeString
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlGetVersion
RtlxAnsiStringToUnicodeSize
NlsMbOemCodePageTag
wcsrchr
tolower
RtlCharToInteger
ZwClose
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeSetPriorityThread
RtlImageNtHeader
ZwProtectVirtualMemory
PsGetThreadTeb
PsLookupThreadByThreadId
PsIsProtectedProcess
PsIsThreadTerminating
KeInitializeApc
PsWrapApcWow64Thread
PsGetCurrentProcessWow64Process
KeInsertQueueApc
KeTestAlertThread

hal

HalGetBusDataByOffset
KeStallExecutionProcessor

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad3066fef269b0369736567b92ca4b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltmgr.sys

ntoskrnl.exe

hal

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 59KB

.pdata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 96B

.gfids Size: 512B - Virtual size: 72B

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 512B - Virtual size: 76B

.tvm0 Size: 676KB - Virtual size: 676KB

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 59KB

.pdata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 96B

.gfids
Size: 512B - Virtual size: 72B

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 76B

.tvm0
Size: 676KB - Virtual size: 676KB