65d16b3de0b33ae396069ec03774d964138b621f72cc0942510fd861c7452308

Sharing

Copy URL

Twitter E-mail

General

Target

65d16b3de0b33ae396069ec03774d964138b621f72cc0942510fd861c7452308
Size

829KB
MD5

c0800002de2624428d42896cf97178f3
SHA1

fbab6fd51d843cd83d2968612fc6939e71570696
SHA256

65d16b3de0b33ae396069ec03774d964138b621f72cc0942510fd861c7452308
SHA512

40dd8b81f1316b959d0eaa748682036f85df3bbf990a03b028e35c8c303a0e2d96b97789ce2605102e41f7f3da5c6465393a318d062c804bff6e29a79ed1cea0
SSDEEP

6144:KDbAYd06/IEKpvJmZOKP8/gi89Bg3wrr03g3nECDsickBTHclD3AULzeDvfnaTkF:KYk06NxGTI6YpRMg5lU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65d16b3de0b33ae396069ec03774d964138b621f72cc0942510fd861c7452308

Files

65d16b3de0b33ae396069ec03774d964138b621f72cc0942510fd861c7452308
.sys windows:10 windows x64 arch:x64

7ad3066fef269b0369736567b92ca4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ACE-DYNGAME.pdb

Imports

fltmgr.sys

FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation

ntoskrnl.exe

MmIsAddressValid
PsGetCurrentProcessId
RtlInitUnicodeString
DbgPrint
KeInitializeEvent
KeSetEvent
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeWaitForSingleObject
KeGetCurrentProcessorNumberEx
ExAllocatePool
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwOpenFile
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
ExAllocatePoolWithTag
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
ZwUnloadDriver
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
PsGetCurrentThreadId
__C_specific_handler
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
RtlEqualUnicodeString
KeClearEvent
KeReadStateEvent
CmRegisterCallback
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutineEx
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
KeDelayExecutionThread
KeQueryTimeIncrement
MmGetSystemRoutineAddress
PsGetProcessId
PsGetThreadProcessId
PsGetProcessPeb
PsInitialSystemProcess
MmMapIoSpace
MmUnmapIoSpace
RtlInt64ToUnicodeString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeToString
IoCreateFile
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
IoGetBaseFileSystemDeviceObject
IoFileObjectType
RtlUnicodeStringToAnsiString
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
MmGetPhysicalAddress
KeNumberProcessors
ZwOpenKey
ZwDeleteKey
ZwQueryValueKey
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
PsGetThreadProcess
IoGetCurrentProcess
KeBugCheck
ZwEnumerateKey
RtlCompareUnicodeString
PsGetProcessWow64Process
RtlInsertElementGenericTableFullAvl
MmGetVirtualForPhysical
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlCompareString
MmBuildMdlForNonPagedPool
PsThreadType
ZwQueryObject
RtlAnsiCharToUnicodeChar
ZwCreateSection
ZwQuerySystemInformation
KeBugCheckEx
RtlCopyUnicodeString
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlGetVersion
RtlxAnsiStringToUnicodeSize
NlsMbOemCodePageTag
wcsrchr
tolower
RtlCharToInteger
ZwClose
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeSetPriorityThread
RtlImageNtHeader
ZwProtectVirtualMemory
PsGetThreadTeb
PsLookupThreadByThreadId
PsIsProtectedProcess
PsIsThreadTerminating
KeInitializeApc
PsWrapApcWow64Thread
PsGetCurrentProcessWow64Process
KeInsertQueueApc
KeTestAlertThread

hal

HalGetBusDataByOffset
KeStallExecutionProcessor

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad3066fef269b0369736567b92ca4b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltmgr.sys

ntoskrnl.exe

hal

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 59KB

.pdata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 96B

.gfids Size: 512B - Virtual size: 72B

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 512B - Virtual size: 76B

.tvm0 Size: 696KB - Virtual size: 696KB

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 59KB

.pdata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 96B

.gfids
Size: 512B - Virtual size: 72B

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 76B

.tvm0
Size: 696KB - Virtual size: 696KB