264618bf97d148a8712f27064802b44cfbdb8a9bd3742e0707a4868f5776d93a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

264618bf97d148a8712f27064802b44cfbdb8a9bd3742e0707a4868f5776d93a
Size

11KB
MD5

0fdac4531a3893bc0104b04f40e36271
SHA1

56d7699033616f0fa84e7ea298a0660662f4d905
SHA256

264618bf97d148a8712f27064802b44cfbdb8a9bd3742e0707a4868f5776d93a
SHA512

8feb6891a1d0eb8e3e7f9a7fe966d18bb3601592df3a2b35cad2734c666062a1d9c48b3fe7f07258061487f324b1a825c15a9177a0e0b713f1c251766079cc9f
SSDEEP

192:WTQWi7SncGrkz0VLA9l0Hy9g2Xkq2CzMY+4C:WT/OSncyI0HskOM+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
264618bf97d148a8712f27064802b44cfbdb8a9bd3742e0707a4868f5776d93a

Files

264618bf97d148a8712f27064802b44cfbdb8a9bd3742e0707a4868f5776d93a
.exe windows x64

19806445e95ca2c93b0ab5ea7c52e67d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__C_specific_handler
ExFreePoolWithTag
KeUnstackDetachProcess
KeStackAttachProcess
IoGetCurrentProcess
ExAllocatePool
ObfDereferenceObject
PsGetProcessWow64Process
PsLookupProcessByProcessId
MmHighestUserAddress
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwAllocateVirtualMemory
RtlEqualUnicodeString
MmUserProbeAddress
ExRaiseDatatypeMisalignment
ProbeForRead
RtlAssert
PsGetProcessPeb
RtlInitUnicodeString
wcscpy
wcslen
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoIsWdmVersionAvailable
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE