7af880b583f9126adc18c452778f285be2e95d9ac46adc20a94544a742ae5f60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7af880b583f9126adc18c452778f285be2e95d9ac46adc20a94544a742ae5f60
Size

11KB
MD5

8b0375360346f8a2bc84e515a0703856
SHA1

8be29fc34f5778ac93d3ed317e004370ee79eae0
SHA256

7af880b583f9126adc18c452778f285be2e95d9ac46adc20a94544a742ae5f60
SHA512

f31b9079bb5efa224edc3352da1bb52d4912684a94a649c9109e05430e603bb953e19f6ddcd379d48072df74c5f0a82b20b614974a255e5e86b3d7b905b856ac
SSDEEP

192:8TQWi7SncGrkz0VLA9l0Hy3g2Xkq2CzMY+4C:8T/OSncyI0H6kOM+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7af880b583f9126adc18c452778f285be2e95d9ac46adc20a94544a742ae5f60

Files

7af880b583f9126adc18c452778f285be2e95d9ac46adc20a94544a742ae5f60
.exe windows x64

19806445e95ca2c93b0ab5ea7c52e67d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__C_specific_handler
ExFreePoolWithTag
KeUnstackDetachProcess
KeStackAttachProcess
IoGetCurrentProcess
ExAllocatePool
ObfDereferenceObject
PsGetProcessWow64Process
PsLookupProcessByProcessId
MmHighestUserAddress
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwAllocateVirtualMemory
RtlEqualUnicodeString
MmUserProbeAddress
ExRaiseDatatypeMisalignment
ProbeForRead
RtlAssert
PsGetProcessPeb
RtlInitUnicodeString
wcscpy
wcslen
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoIsWdmVersionAvailable
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE