959ff7f2ef42f53ff33cbddbc7859325e02cb12eeb03fc30d55d71ad7de1616f | Triage

Sharing

General

Target

959ff7f2ef42f53ff33cbddbc7859325e02cb12eeb03fc30d55d71ad7de1616f
Size

11KB
MD5

388be9c3f21d6851061aea97313d5cc8
SHA1

562d35871ff21afa063e174c3c07f3443ae7d6c5
SHA256

959ff7f2ef42f53ff33cbddbc7859325e02cb12eeb03fc30d55d71ad7de1616f
SHA512

cc6eb2cd68d75418b2e8a75e1500584d84595c877179c92dcfe5238796bf7f0a2c7a032cf1b8931664a6671b5f68287d7df4be94bd048edc9350c644f663be03
SSDEEP

192:7TQWi7SncGrkz0VLA9l0HyZg2Xkq2CzMY+4C:7T/OSncyI0HYkOM+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
959ff7f2ef42f53ff33cbddbc7859325e02cb12eeb03fc30d55d71ad7de1616f

Files

959ff7f2ef42f53ff33cbddbc7859325e02cb12eeb03fc30d55d71ad7de1616f
.exe windows x64

19806445e95ca2c93b0ab5ea7c52e67d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__C_specific_handler
ExFreePoolWithTag
KeUnstackDetachProcess
KeStackAttachProcess
IoGetCurrentProcess
ExAllocatePool
ObfDereferenceObject
PsGetProcessWow64Process
PsLookupProcessByProcessId
MmHighestUserAddress
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwAllocateVirtualMemory
RtlEqualUnicodeString
MmUserProbeAddress
ExRaiseDatatypeMisalignment
ProbeForRead
RtlAssert
PsGetProcessPeb
RtlInitUnicodeString
wcscpy
wcslen
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoIsWdmVersionAvailable
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE