06b9a29c476f928c60f79c679c147c09 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06b9a29c476f928c60f79c679c147c09
Size

52KB
MD5

06b9a29c476f928c60f79c679c147c09
SHA1

da3202d485974d568496a519c9cfa035140828fe
SHA256

e1a30b2841fbb151373aba20caf7bdfa97978459cf4ceed9625ec053d5a16968
SHA512

1f1a8e31cf629b1a27462a47277dba78aa8a7b4101072dbb8503f2f28dd538720b269f6a11f372f869adef8ee30a61bc925600e8f57771cdc7527b3370af81fd
SSDEEP

768:HG46A7vaZME7gsNNLNqTcW9IUCG/s/OWFjt7NFL8C:HL6A7vafginWSG0/JZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06b9a29c476f928c60f79c679c147c09

Files

06b9a29c476f928c60f79c679c147c09
.dll windows:5 windows x86 arch:x86

6900cbaa7f0ffbd38afc31828d91a3dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeFreePrivileges
SeDeleteObjectAuditAlarm
SeOpenObjectAuditAlarm
SePrivilegeCheck
SeTokenType
VerSetConditionMask
strstr
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
RtlTimeToTimeFields
RtlFreeAnsiString
RtlCopyString
RtlEqualString
KeTickCount
IoGetTopLevelIrp
wcsspn
IoInitializeIrp
RtlInitializeGenericTable
ZwAllocateVirtualMemory
memset

Exports

Exports

__KeAcquireQueuedSpinLock@4
__KeReleaseQueuedSpinLock@0
__KeTryToAcquireQueuedSpinLock@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ