def111c93fcd1443664f3671bd9a5d9fe45f4474a9843ddbd47476bcc5ec0048N

Sharing

Copy URL Twitter E-mail

General

Target

def111c93fcd1443664f3671bd9a5d9fe45f4474a9843ddbd47476bcc5ec0048N
Size

764KB
MD5

f265377603d03a368da1283aac672c90
SHA1

53958e830f93336cf809b858214ae34ace716f95
SHA256

def111c93fcd1443664f3671bd9a5d9fe45f4474a9843ddbd47476bcc5ec0048
SHA512

c93a435761bca644d78212403741bb28848f4d540245fb9a7f878ab70f416b4acd23d889d3237dee6e6adb174b7fcfcb7bd73df2b7bbed54ee351bbc8300ab26
SSDEEP

12288:oNIA1GZFLtf3qPKr0LfF60OKzr1WXZe71+CZsNwfuW8dku/9awAwI2X8InFZ4FKV:/A1GzLBaPq0Z6DarAmbmN88dku0tkiOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
def111c93fcd1443664f3671bd9a5d9fe45f4474a9843ddbd47476bcc5ec0048N

Files

def111c93fcd1443664f3671bd9a5d9fe45f4474a9843ddbd47476bcc5ec0048N
.sys windows:4 windows x86 arch:x86

949ae85007dc02bac332e5bb40e1522e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapMemoryDumpMdl
KeSetTargetProcessorDpc
PsSetProcessPriorityByClass
RtlCopyRangeList
IoInvalidateDeviceRelations
towlower
IoCreateSymbolicLink
NtFindAtom
RtlInsertElementGenericTableFull
ExConvertExclusiveToSharedLite
ExAcquireSharedStarveExclusive
RtlUnicodeStringToOemSize
ExAllocatePoolWithTagPriority
PsGetCurrentThreadId
RtlOemStringToCountedUnicodeString
KeSetBasePriorityThread
RtlImageNtHeader
CcSetLogHandleForFile
ZwFlushInstructionCache
KeNumberProcessors
WRITE_REGISTER_BUFFER_ULONG
MmLockPagableDataSection
ExfInterlockedPopEntryList
IoFreeMdl
FsRtlMdlWriteComplete
ExAllocatePoolWithQuota
PsSetCreateThreadNotifyRoutine
RtlTraceDatabaseDestroy
IoReportDetectedDevice
RtlDecompressFragment
IoCreateDevice
ZwQueryDirectoryFile
IoWriteErrorLogEntry
RtlCreateRegistryKey
IoGetTopLevelIrp
strrchr
RtlZeroMemory
ZwSetEaFile
NtQueryVolumeInformationFile
FsRtlOplockIsFastIoPossible
ZwOpenEvent
RtlFindClearRuns
MmUserProbeAddress
NtQueryQuotaInformationFile
ExDeletePagedLookasideList
IoMakeAssociatedIrp
RtlAddAccessAllowedAce
SeCloseObjectAuditAlarm
SeCaptureSecurityDescriptor
SeRegisterLogonSessionTerminatedRoutine
RtlPrefetchMemoryNonTemporal
ZwDeleteFile
IoWMIRegistrationControl
KeInitializeQueue
MmUnsecureVirtualMemory
wcslen
RtlUnicodeStringToAnsiString

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

949ae85007dc02bac332e5bb40e1522e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 348KB

.rdata Size: 512B - Virtual size: 492B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 348KB

.rdata
Size: 512B - Virtual size: 492B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 402KB - Virtual size: 401KB