1112ab9a8dfa38a891293a031a775691 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1112ab9a8dfa38a891293a031a775691
Size

24KB
MD5

1112ab9a8dfa38a891293a031a775691
SHA1

b2fb95569e85cdf5b4a93872f388ffa43926c234
SHA256

cffaf8f9751a4ccaa35ea6ac251bf53bfbcf7532e0dfdb89497e75f24e6eaaf2
SHA512

44255c82a34314474c81cebf52794ae6f994b77ec1b2b87a5e942e2645201ed299ca23681945091b60aaa10c496ba51d8ed6d787b682d3b3a5878618358be73f
SSDEEP

384:67CDNPRBo9fGBG3igj21NwczYjM0pXe90/bn2DXDF2IWuwbOV30/or9lNdD:6uAfGBirj21NwQRa2HsIai30wrTX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1112ab9a8dfa38a891293a031a775691

Files

1112ab9a8dfa38a891293a031a775691
.sys windows:4 windows x86 arch:x86

9e9833833ec69df7691d8eb04dc09c52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
SeAppendPrivileges
RtlRealSuccessor
RtlCopyRangeList
RtlCreateAtomTable
ZwDeleteFile
CcZeroData
KeQuerySystemTime
NlsAnsiCodePage
memset
MmSystemRangeStart
ZwCreateTimer
RtlCopyLuid
FsRtlDeleteTunnelCache
RtlTimeFieldsToTime
FsRtlNotifyFullReportChange
KeInitializeDeviceQueue
ZwLoadKey

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ