a89139077dd15a221d7062fd8b979c0e1845991eb037141c316fd5dd9c69d41d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a89139077dd15a221d7062fd8b979c0e1845991eb037141c316fd5dd9c69d41d
Size

7KB
MD5

a1b66606f9c1f17c95040acee9d58ce2
SHA1

239cc86af5c4389d49460096a099e2027bd3fe56
SHA256

a89139077dd15a221d7062fd8b979c0e1845991eb037141c316fd5dd9c69d41d
SHA512

ea414d9143963afddcb6677f47a7b9ac716427ac7c47e7e07bc8bfcdcc70be739f747f3b42df527c8aa78b6f3c1e72805f6a8f36413650fe7cc9ffd5f8b30486
SSDEEP

48:Cx6FqMZoM2ScQw65JGU2zFWEZuOOOpOI6lS4G4auyuWzuWyEksAfhQ/YPkrGXm/7:mZMKJSWQJGUeY2X4G47y7fNRUw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a89139077dd15a221d7062fd8b979c0e1845991eb037141c316fd5dd9c69d41d

Files

a89139077dd15a221d7062fd8b979c0e1845991eb037141c316fd5dd9c69d41d
.exe windows x64

9ae6b0feb6d3dc89e64ec51f824f977f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
DbgPrintEx
DbgPrint

wdfldr.sys

WdfVersionUnbindClass
WdfVersionBindClass
WdfVersionUnbind
WdfLdrQueryInterface
WdfVersionBind

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ