Static task
static1
General
Target: 0ce33833cc02e69008701d77f100d5a7
Size: 26KB
MD5: 0ce33833cc02e69008701d77f100d5a7
SHA1: 6d025f5ab4c491eae2176576828fb1e4e19dabcf
SHA256: ea9c70dfcb1acfdea0da7aa0e2836c150000415af1305089c30c21f644fde785
SHA512: 482f9abf78a1c834b2c1b7df1f1aa81cf288e01a00ee08a1b9c0c989b923ecfdf1eaf288228d0db862c7d0358b4d3aa22267ae76e502a57e3733a6568f6fa54c
SSDEEP: 768:iQpOwcUSNUJwd9sJBR6rP9J34joBDSbJ4jM9rumx5LrHr:POwcUqUq9wBYPT8MDSbijM9ywH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0ce33833cc02e69008701d77f100d5a7
Files
0ce33833cc02e69008701d77f100d5a7.sys windows:4 windows x86 arch:x86
9db422f4969973e9282f162e86085c72
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
wcslen
swprintf
wcscat
wcscpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
_itow
strncmp
_stricmp
strncpy
_except_handler3
RtlAnsiStringToUnicodeString
MmIsAddressValid
RtlCopyUnicodeString
_strnicmp
_wcsnicmp
ZwClose
ZwOpenKey
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 890B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ