17c03f19a8f2a296ae52ab61809b7bda | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c03f19a8f2a296ae52ab61809b7bda
Size

42KB
MD5

17c03f19a8f2a296ae52ab61809b7bda
SHA1

d097e9ea7212c2e17dcdc1a27ffc9db3f964aa5a
SHA256

f86b1c71d0ab0b736f2f20ba9677e40c2d40188527a6a11990abd0e8aeddebd7
SHA512

50d147ff5e75cdaccd279bb7c6ff877c6aa4a036b8e3d1b0f26cbdb60f4ab2632f8efc5c4b092fbb16f56789a105e226c39b8d842b7ee656bfe181603be20ff7
SSDEEP

768:vS9zhmFxbfd0pSTfc64CXGXYP1Z3a043zP20GSlGAL2oHFEi/pWG120RGKW5IJNb:vSHmFx2pqfh4CGQ74S0NAcEi/Ykzwp5k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c03f19a8f2a296ae52ab61809b7bda

Files

17c03f19a8f2a296ae52ab61809b7bda
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeAttachProcess@4
__KeDetachProcess@0
__KeStackAttachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ