c65c9694b49d092a8552c01c6d5f35561325cf310ad2028e7d8d8c88965e4e6c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c65c9694b49d092a8552c01c6d5f35561325cf310ad2028e7d8d8c88965e4e6c
Size

18KB
MD5

76960b29a0deede1131a8240e59a903b
SHA1

e66a8e387fcca1928e85c1a32484ff631893499a
SHA256

c65c9694b49d092a8552c01c6d5f35561325cf310ad2028e7d8d8c88965e4e6c
SHA512

88ae645ab1818e6a3ea517c40268ad2c4a889c8aab0e93e867eb00c956a463adda2d364bc1dc8881fe58bba69c17360a5af45daff1787e77f64628b3f17b5729
SSDEEP

384:UXwfWsQaZjFObl82//eSC0z4UY0HB5nPRRWg2WOczL2L4ns:UXwOshz2/VYCBxiB6LA4s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c65c9694b49d092a8552c01c6d5f35561325cf310ad2028e7d8d8c88965e4e6c

Files

c65c9694b49d092a8552c01c6d5f35561325cf310ad2028e7d8d8c88965e4e6c
.sys windows:6 windows x64

426ffa6637d414f83728ea6554855d9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
MmGetSystemRoutineAddress
MmUnmapIoSpace
MmMapIoSpace
KeDelayExecutionThread
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
swprintf
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ