0fbcb3fb08d99d9928ab7935c95d06985bd17e0bd22695dd7f6840cf87fffe22N

Sharing

Copy URL

Twitter E-mail

General

Target

0fbcb3fb08d99d9928ab7935c95d06985bd17e0bd22695dd7f6840cf87fffe22N
Size

741KB
MD5

fee2a1c931f320212cb3b5a485d417f0
SHA1

b8128f30473ac0003519ca8528e25d6ffa7f12c8
SHA256

0fbcb3fb08d99d9928ab7935c95d06985bd17e0bd22695dd7f6840cf87fffe22
SHA512

fbc61c654ae3c5d18b27a45d2e4db261230c93e00399a7e80d97d944b3540ddb182f6b0ac09de618284d750637063971ad5f059ab13f322bacbf65df316cf8b4
SSDEEP

12288:lLGuLo0Ulqr/s0WFMB1nJD1pkZI7QSbBEIKbpRwLWlzYnIDwKd4nl7gtB5a7:Zo0uqYtMB1JHkZI7QSOhbvwS2Ik7lO/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fbcb3fb08d99d9928ab7935c95d06985bd17e0bd22695dd7f6840cf87fffe22N

Files

0fbcb3fb08d99d9928ab7935c95d06985bd17e0bd22695dd7f6840cf87fffe22N
.sys windows:4 windows x86 arch:x86

934da5a13a9588646aabc4d4e964f2c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
KeSetEvent
IofCallDriver
ZwClose
IofCompleteRequest
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
IoFreeIrp
ObfDereferenceObject
PoStartNextPowerIrp
IoDetachDevice
RtlFreeUnicodeString
MmMapLockedPagesSpecifyCache
KeInitializeDpc
RtlCopyUnicodeString
IoFreeMdl
KeCancelTimer
ExFreePool
IoQueueWorkItem
KeInitializeTimer
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoWMIRegistrationControl
KeDelayExecutionThread
IoCancelIrp
IoRegisterDeviceInterface
PsCreateSystemThread
KeAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
DbgPrint
RtlInitAnsiString
IoAllocateErrorLogEntry
IoDeleteSymbolicLink
MmUnmapIoSpace
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
IoReleaseRemoveLockEx
ZwCreateKey
KeQueryTimeIncrement
KeReleaseMutex
RtlAppendUnicodeStringToString
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
RtlIntegerToUnicodeString
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoDisconnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
KeSetPriorityThread
KeRemoveQueueDpc
ZwQuerySystemInformation
ExFreePoolWithTag

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

934da5a13a9588646aabc4d4e964f2c7

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 333KB - Virtual size: 333KB

.rdata Size: 512B - Virtual size: 276B

.data Size: 15KB - Virtual size: 14KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 387KB - Virtual size: 387KB

.text
Size: 333KB - Virtual size: 333KB

.rdata
Size: 512B - Virtual size: 276B

.data
Size: 15KB - Virtual size: 14KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 387KB - Virtual size: 387KB