0560e7cf3e87cdfab28a235df68f5315 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0560e7cf3e87cdfab28a235df68f5315
Size

49KB
MD5

0560e7cf3e87cdfab28a235df68f5315
SHA1

0800b4bd99f843f18fb56c149c47968b17c396aa
SHA256

0a71c9598b2b3ef9fc407c06761364f86c1e843be2e0223308b62d1ba75f35a0
SHA512

15d57e32bdc531a746797a68a20bf6d2eae2891662325e83e7bc62eebde9d806902dafbb6e9bba4b7f4206064e3e2855fe336f95dad235a1350c7caab19d1b16
SSDEEP

768:CG6NagApTX3MdX/tZpLhdvQujv8Lj4tbHKVIfrrBFkiNE1wUrDkpMJexh0d9PxC3:CUEtZLjJvSkpP/wJCQCDkNHfjwoe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0560e7cf3e87cdfab28a235df68f5315

Files

0560e7cf3e87cdfab28a235df68f5315
.sys windows:5 windows x86 arch:x86

610b17a65a60cfcbf3aabebe6484fb6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
KeGetCurrentThread
KeDelayExecutionThread
ZwCreateEvent
RtlInitUnicodeString
RtlCompareUnicodeString
ExFreePool
IoAllocateIrp
ObfDereferenceObject
ExUnregisterCallback
IofCompleteRequest
KeSetEvent
IoDeleteDevice
KeBugCheckEx
KeTickCount
ZwSetValueKey
IoWMIRegistrationControl
KeSetTimer
RtlIntegerToUnicodeString
wcslen
RtlAppendUnicodeToString
IoCreateDevice
IoAttachDeviceToDeviceStack
IoOpenDeviceRegistryKey
ZwQueryValueKey
ZwClose
PoRequestPowerIrp
PoStartNextPowerIrp
ExAllocatePoolWithTag
ExFreePoolWithTag

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ