kernelmode-org[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

kernelmode-org.exe
Size

8KB
MD5

8c7005f10883ea8a217c052c7417a25e
SHA1

6d2ec80cfa1285e2f42dae1921d347588ed241b4
SHA256

b285b2f2ab955b601c0627b5912a81236ec24c1872da4833c85cc94d9672af5c
SHA512

4d592faf046c95543d35e56bf69c626310ffb1488a2bb356aa9941ed9574faf83e0516f906d9f98f653d038086f964ee82115f89e30717fed8cb1b1827aa7df0
SSDEEP

96:zOaJ8Nn1rBsy/BplNTv1nW9JA2t4cWx+NYmDolhgkcfAi:zOaa/Bsy/BplN5OJV4cvumDolhpc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
kernelmode-org.exe

Files

kernelmode-org.exe
.exe windows x64

103e4720bea6ba3f0364a417a0e6148c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
RtlInitUnicodeString
MmCopyVirtualMemory
IoCreateDriver
IoGetCurrentProcess
PsLookupProcessByProcessId
IoCreateDevice
PsGetProcessSectionBaseAddress
IofCompleteRequest
IoCreateSymbolicLink
ProbeForRead
strcmp

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ