dc57bd172416112cc8ab30b69b6b983dfe45762784c97ecfda155e8e6818ffb0 | Triage

Sharing

General

Target

dc57bd172416112cc8ab30b69b6b983dfe45762784c97ecfda155e8e6818ffb0
Size

2.5MB
MD5

d9b66de1050cc61b5e0fadeab47924cd
SHA1

0e870665e6058dbfafc6702a52df69b3a2c9682e
SHA256

dc57bd172416112cc8ab30b69b6b983dfe45762784c97ecfda155e8e6818ffb0
SHA512

e2fc793107c977a2faf46f671555fabb8131b77db8d43549bb76884892a343587529eeff9e43df57712427366bb409a19746c56c91037fd0d02e929d7458e078
SSDEEP

49152:tDnKtBKRRk0xOtc9UAPMy14QYN23gvXb0X9ijnZCtPZRrv0mbXZQ9cMDrKkTxqk9:JnKtMR+qz1SsCIgbkbXZQuIK8Tw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc57bd172416112cc8ab30b69b6b983dfe45762784c97ecfda155e8e6818ffb0

Files

dc57bd172416112cc8ab30b69b6b983dfe45762784c97ecfda155e8e6818ffb0
.exe windows x64

81aeda71642cd71665790959753b78e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice

Sections

.text
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Drv0
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ