SecuriteInfo[.]com[.]Trojan[.]NtRootKit[.]18190[.]8543[.]2354[.]exe | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.NtRootKit.18190.8543.2354.exe
Size

2.4MB
MD5

784c6e44c5baa21141069e500cc76cde
SHA1

1685a4f82bd8881fd0a17cf38bf06af195d63c57
SHA256

b02b7a32990c8e9ac31db5502f0c2c83101cb2067d396c52991764e69622a701
SHA512

5ef0c4fd160b70dc921911fe39d95569363dabae38351767e8c2eefaf9b7303cff6d455f0785c65d61fd4f15eceb630a7adb5e04b5dbf4a35a48caadacfdf200
SSDEEP

49152:xTty5h8v3Q573oeAr9ExoIapYjab63hmBBy046XDJFKX7+4/ok2fI6Pwrgh:/y5g3QPAixXjab6xmBBlXgZgkaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.NtRootKit.18190.8543.2354.exe

Files

SecuriteInfo.com.Trojan.NtRootKit.18190.8543.2354.exe
.sys windows:4 windows x86 arch:x86

bc594123d434400de640bb69320aa230

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgPrint
memcpy
RtlInitAnsiString
RtlAnsiStringToUnicodeString
IoCreateDevice
RtlFreeUnicodeString
IoIsWdmVersionAvailable
IoCreateSymbolicLink
IoDeleteDevice
MmGetSystemRoutineAddress
IoCompleteRequest
IoDeleteSymbolicLink
ExAllocatePool
ExFreePoolWithTag

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ