0bc833b3cc1a330dd5e4af615d7fbb6f | Triage

Sharing

General

Target

0bc833b3cc1a330dd5e4af615d7fbb6f
Size

56KB
MD5

0bc833b3cc1a330dd5e4af615d7fbb6f
SHA1

0180371f0a40d96df328110d3e349a49ba0dc267
SHA256

ad55deebd11b94e2388b69cddad76989d747ba85c851643643cc76d45baf6807
SHA512

9412cea733226b1ee6b70891fc02cd5fa8d22e302bcdb7b089509d08a0f469a8b9fb311c81d1f0fe42e766c5ab6f1a48ea2dfc8b23a2a6115adeee384a61ae85
SSDEEP

1536:auD8JuiCxUu5Fd9Z+AcCB3cAmuVWqCDULYCXiQy6:WJuiCxUmZ+AVB3cAdVWqLcUiQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bc833b3cc1a330dd5e4af615d7fbb6f

Files

0bc833b3cc1a330dd5e4af615d7fbb6f
.dll windows:5 windows x86 arch:x86

f7076e46a71b49d9fb7ff5c196c69639

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlNtStatusToDosError
ObGetObjectSecurity
IoSetSystemPartition
ZwClose
IoRemoveShareAccess
RtlLengthSecurityDescriptor
KeCancelTimer
KeBugCheckEx
KeInitializeTimerEx
IoCheckEaBufferValidity
RtlCharToInteger
RtlAreBitsClear
RtlEqualUnicodeString
RtlCheckRegistryKey
SeAssignSecurity
RtlClearBits
RtlCompareString
ExFreePool
RtlEqualString
FsRtlFreeFileLock
RtlInitUnicodeString
RtlInitString
RtlIntegerToUnicodeString
strncpy
RtlHashUnicodeString
ObQueryNameString
ObReleaseObjectSecurity
FsRtlNotifyUninitializeSync
RtlAnsiStringToUnicodeString

Sections

.text
Size: 23KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ