78e3a0b26b9ecb56cd52d903bdfc25d201d2c00fc382e09960d057a551286180 | Triage

Sharing

General

Target

78e3a0b26b9ecb56cd52d903bdfc25d201d2c00fc382e09960d057a551286180
Size

10KB
MD5

a439b8ace71b9c0d34e48d6a3f1040b6
SHA1

50350a27936e727fafa589a8ef529b165892c848
SHA256

78e3a0b26b9ecb56cd52d903bdfc25d201d2c00fc382e09960d057a551286180
SHA512

64b1859ae37add6ffb2d9b469cc3a0be64ea7a94c9c20c01438b36c0dd0293221a317ca477dc0afbd0d546ab85839560de689ce696ee87ce7eb23c0629bf7043
SSDEEP

96:voXmU8vAnT/Pr21B7PPHR9HmvenIw2Vp69MeFu0AZVCK86zPnljlNseGRNNVKiPP:wXmfvA7krxEveneQufz86zdj/3SNTPM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78e3a0b26b9ecb56cd52d903bdfc25d201d2c00fc382e09960d057a551286180

Files

78e3a0b26b9ecb56cd52d903bdfc25d201d2c00fc382e09960d057a551286180
.sys windows:6 windows x64 arch:x64

7bf9aa64e1023b40c022c61e9f9dd3dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrint
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObRegisterCallbacks
ObUnRegisterCallbacks
ObGetFilterVersion
PsProcessType
strstr
ObfDereferenceObject
PsGetProcessId
PsLookupProcessByProcessId
PsGetProcessImageFileName
ExAllocatePool
ExFreePoolWithTag
ZwClose
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
KeBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ