78a0e8ba732917ec7369b446a64ea038448ba41b75596bf027a5ccafa8ba3dfe

Sharing

Copy URL Twitter E-mail

General

Target

78a0e8ba732917ec7369b446a64ea038448ba41b75596bf027a5ccafa8ba3dfe
Size

72KB
MD5

bd23fc5f562b2815428b84d276114a6c
SHA1

1e453f15b6cfb78fa9055673970608b86a49268d
SHA256

78a0e8ba732917ec7369b446a64ea038448ba41b75596bf027a5ccafa8ba3dfe
SHA512

ef93a1234c0f9d1ab7714348cf1fdff47642dbb4b420b811b51c434831443fa8b53e8b7fda4440e7591335313cdab66cd19d78eb02b95df276e0fc0e7a04d25a
SSDEEP

1536:sBzUqCLSpw6MWixtsDiO9HaSaDkmGLan7:sBRZXisGO5al5Jn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78a0e8ba732917ec7369b446a64ea038448ba41b75596bf027a5ccafa8ba3dfe

Files

78a0e8ba732917ec7369b446a64ea038448ba41b75596bf027a5ccafa8ba3dfe
.sys windows:6 windows x64 arch:x64

073f5af32dbf848a318916662dd8c9f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\jenkins\.jenkins\workspace\sys\extensionprotect\extension_protect\amd64\ExtensionProtect.pdb

Imports

ntoskrnl.exe

towlower
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
KeDelayExecutionThread
ObQueryNameString
ZwCreateFile
ZwQueryValueKey
RtlRandomEx
KeQueryTimeIncrement
ZwClose
ZwOpenProcess
ZwQueryInformationProcess
PsGetCurrentProcessId
RtlCopyUnicodeString
ObfDereferenceObject
ZwOpenFile
RtlMultiByteToUnicodeN
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
sprintf
RtlGetVersion
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoDeleteDevice
RtlCheckRegistryKey
IoUnregisterShutdownNotification
PsSetCreateProcessNotifyRoutineEx
IofCompleteRequest
RtlWriteRegistryValue
IoCreateSymbolicLink
IoCreateDevice
IoRegisterFsRegistrationChange
IofCallDriver
IoGetLowerDeviceObject
IoAttachDeviceToDeviceStackSafe
IoDetachDevice
IoGetAttachedDeviceReference
IoEnumerateDeviceObjectList
IoUnregisterFsRegistrationChange
ZwCreateKey
swprintf
RtlAppendUnicodeToString
ZwDeleteValueKey
ZwSetValueKey
_vsnwprintf
RtlTimeFieldsToTime
RtlTimeToTimeFields
CmRegisterCallback
RtlCompareMemory
CmUnRegisterCallback
ZwDeleteKey
KeBugCheckEx
MmGetSystemRoutineAddress
PsGetVersion
__C_specific_handler
__chkstk

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 32.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

073f5af32dbf848a318916662dd8c9f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 7KB - Virtual size: 32.5MB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 144B

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 7KB - Virtual size: 32.5MB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 144B