4070e2f02fb94906a32c4eeea5bdecbf0d9a7d0ad112d58dc3bce0b8a33f1d86N

Sharing

Copy URL Twitter E-mail

General

Target

4070e2f02fb94906a32c4eeea5bdecbf0d9a7d0ad112d58dc3bce0b8a33f1d86N
Size

44KB
MD5

e78a6509228cf6e74811e94dd7699720
SHA1

96558201b872b57d25bde1c3bed7d0b2a4ad7078
SHA256

4070e2f02fb94906a32c4eeea5bdecbf0d9a7d0ad112d58dc3bce0b8a33f1d86
SHA512

66244ccca16296ca205d295ed91903226105cd1b848a490ad454af64ab99756cb0c649ae5d6b6b1a2b54b0f5cf7ae9b497cd536da66b20b14493a558a0677b57
SSDEEP

768:tNnrkoXNjcmZ//roCujFYLNojwluiFlz4rM8Kzg/xjnb0hECFAyI0WMQB:tNnVFJr/GwWwBvAnK0pTb06CFnm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ipsec.sys

Files

4070e2f02fb94906a32c4eeea5bdecbf0d9a7d0ad112d58dc3bce0b8a33f1d86N
.cab
ipsec.sys
.sys windows:5 windows x86 arch:x86

26dce89c118252bcf4d7db75f23fd919

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ipsec.pdb

Imports

ntoskrnl.exe

IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
IofCompleteRequest
KeQuerySystemTime
RtlExtendedIntegerMultiply
ZwClose
MmIsThisAnNtAsSystem
ExInitializeNPagedLookasideList
KeGetRecommendedSharedDataAlignment
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
IoAcquireCancelSpinLock
IoCreateSymbolicLink
IoCreateDevice
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
_allshl
KeWaitForSingleObject
RtlIntegerToUnicodeString
IoReleaseCancelSpinLock
SeReportSecurityEvent
SeSetAuditParameter
KeTickCount
KeBugCheckEx
MmMapLockedPagesSpecifyCache
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeInitializeSpinLock
MmBuildMdlForNonPagedPool
MmSizeOfMdl
ExDeleteNPagedLookasideList
InterlockedPushEntrySList
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
ObfDereferenceObject
RtlAnsiStringToUnicodeString
ExQueueWorkItem
ExDeleteResourceLite
ExInitializeResourceLite
ZwDeviceIoControlFile
ZwLoadDriver
ZwCreateFile
RtlSplay
RtlDelete
KeCancelTimer
_alldiv
KeSetTimerEx
KeInitializeTimer
KeInitializeDpc
KeQueryTimeIncrement
memmove
InterlockedPopEntrySList

hal

KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

ndis.sys

NdisCancelTimer
NdisWriteEventLogEntry
NdisSetTimer
NdisInitializeTimer

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26dce89c118252bcf4d7db75f23fd919

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 512B - Virtual size: 356B

.data Size: 512B - Virtual size: 2KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 512B - Virtual size: 356B

.data
Size: 512B - Virtual size: 2KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 3KB - Virtual size: 3KB