b4db36d7ef110b2a7effd74c8396d19077db2ed115ed04f7d67eac4fcb81a69fN

Sharing

Copy URL Twitter E-mail

General

Target

b4db36d7ef110b2a7effd74c8396d19077db2ed115ed04f7d67eac4fcb81a69fN
Size

21KB
MD5

ba44bfa90ce1c90545fed513218b1dc0
SHA1

2d81369f0d6bf40c9d1889cd957234d617845728
SHA256

b4db36d7ef110b2a7effd74c8396d19077db2ed115ed04f7d67eac4fcb81a69f
SHA512

79b20a36d4098c332bb909243199049634e6b06774b8226bc1b7e10ab80561d86fc2352e5841351f6b167eca156d72d891173ee562f59f9a59f72262e3ca958f
SSDEEP

384:RF6UQjyNUqlcohAmPSqNJQL29kOWYx0hIN3ch6JQvv8iOxbjuKm4jUdUlGBXEI:RgU4yNflco+mqMQL2qOdx0hIlRQn8icq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/datascrn.sys

Files

b4db36d7ef110b2a7effd74c8396d19077db2ed115ed04f7d67eac4fcb81a69fN
.cab
datascrn.sys
.sys windows:5 windows x86 arch:x86

639dd34392f6455a989d196a528eeb21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

datascrn.pdb

Imports

ntoskrnl.exe

ExDeletePagedLookasideList
_vsnwprintf
RtlCopySid
SeQueryInformationToken
IoVolumeDeviceToDosName
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ExDeleteNPagedLookasideList
CcUnpinData
CcPreparePinWrite
_except_handler3
CcMapData
RtlAppendUnicodeStringToString
RtlCompareUnicodeString
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
KeBugCheckEx
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
SeCaptureSubjectContext
SeTokenIsAdmin
SeReleaseSubjectContext
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlEnumerateGenericTableAvl
FsRtlIsNameInExpression
RtlEqualUnicodeString
RtlUpcaseUnicodeString
KeQueryTimeIncrement
RtlLookupElementGenericTableAvl
ExUuidCreate
RtlLengthSid
ExAllocatePoolWithTag
KeQuerySystemTime
RtlCopyUnicodeString
ExReleaseResourceForThreadLite
ExSetResourceOwnerPointer
ExAcquireResourceSharedLite
InterlockedPopEntrySList
RtlInitializeGenericTableAvl
ObfDereferenceObject
ExInitializeResourceLite
KeTickCount
ExFreePoolWithTag
ExReleaseResourceLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
InterlockedPushEntrySList
ExDeleteResourceLite
_allmul
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
ExConvertExclusiveToSharedLite
ZwClose
RtlRealSuccessor
RtlDeleteNoSplay

fltmgr.sys

FltCreateFile
FltGetFileNameInformationUnsafe
FltWriteFile
FltReadFile
FltGetStreamContext
FltSetStreamContext
FltGetVolumeInstanceFromName
FltSetInformationFile
FltQueryInformationFile
FltIsDirectory
FltGetVolumeGuidName
FltGetRequestorProcessId
FltSendMessage
FltCloseClientPort
FltGetDestinationFileNameInformation
FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltSetCallbackDataDirty
FltDetachVolume
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltStartFiltering
FltClose
FltGetInstanceContext
FltGetDiskDeviceObject
FltAllocateContext
FltGetVolumeName
FltSetInstanceContext
FltAllocateGenericWorkItem
FltObjectReference
FltQueueGenericWorkItem
FltObjectDereference
FltFreeGenericWorkItem
FltReleaseContext
FltCloseCommunicationPort
FltUnregisterFilter
FltCreateSystemVolumeInformationFolder

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

639dd34392f6455a989d196a528eeb21

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

fltmgr.sys

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 740B

.data Size: 1024B - Virtual size: 1KB

PAGE Size: 25KB - Virtual size: 25KB

INIT Size: 5KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 740B

.data
Size: 1024B - Virtual size: 1KB

PAGE
Size: 25KB - Virtual size: 25KB

INIT
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB