263dd4ff32cbf47a54a2de59722e4a71f17e48eb1c01b3f9a298aaf1d79a5e84N

General

Target

263dd4ff32cbf47a54a2de59722e4a71f17e48eb1c01b3f9a298aaf1d79a5e84N
Size

63KB
MD5

29e213964564d7e48d8dff655c8939f0
SHA1

bca99e1a33f241e5000a3e465a293402f565ec46
SHA256

263dd4ff32cbf47a54a2de59722e4a71f17e48eb1c01b3f9a298aaf1d79a5e84
SHA512

b6df80f931d878a5ed35cc152819718988e3155e829335788cb46958368c28cc4e3dc5343d935927b4240ce80f599829902484d38b7a77811027ec2b25e39447
SSDEEP

768:N6EUIiHGc7WBNMxobfPJLEITMXLa7OGhEdeMuzas9q+a72KnOvBZ1g2uN3DOEQRY:vXjAAFEITMbaykk1u5w72Ze9D5lX/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
263dd4ff32cbf47a54a2de59722e4a71f17e48eb1c01b3f9a298aaf1d79a5e84N

Files

263dd4ff32cbf47a54a2de59722e4a71f17e48eb1c01b3f9a298aaf1d79a5e84N
.sys windows:4 windows x86 arch:x86

1ee52e2e8dc95744e449963f5cf1a525

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeAcquireQueuedSpinLock

ntoskrnl.exe

RtlInitUnicodeString
ZwCreateKey
ZwQueryValueKey
RtlAddAccessAllowedAce
RtlCreateAcl
ExInitializeZone
RtlLengthSid
SeExports
ExInterlockedDecrementLong
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
ExAllocatePoolWithTag
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
IoQueueWorkItem
ZwNotifyChangeKey
MmPageEntireDriver
IoFreeWorkItem
ExInitializeNPagedLookasideList
IoAllocateWorkItem
IoCreateDevice
DbgBreakPoint
KeReadStateEvent
KePulseEvent
MmAdvanceMdl
KeBugCheckEx
ExInterlockedFlushSList
KeSetTimerEx
KeInitializeDpc
KeInitializeTimer
MmLockPagableDataSection
KeSetTimer
MmUnlockPagableImageSection
KeRemoveQueueDpc

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ee52e2e8dc95744e449963f5cf1a525

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 17KB - Virtual size: 16KB

.INIT Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 232B

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 17KB - Virtual size: 16KB

.INIT
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 232B