0139b3a45d3da6526d0b1c2c8d71fc8a | Triage

Sharing

General

Target

0139b3a45d3da6526d0b1c2c8d71fc8a
Size

41KB
MD5

0139b3a45d3da6526d0b1c2c8d71fc8a
SHA1

c62f14fda7147e386149fa85dbae6ed8305fac39
SHA256

e5713136ad60eddca39ae8db1c57d1a71daffb9f58fd791732b758e228104280
SHA512

4ce3a505ef8d9b4936c9c67f17312c008553fe238f32e45652aefe108aa6bdef013c150bcd4f7420b91fb5207fb6ffcf91e2c3104476cd6bcf7f7bc51e5e3568
SSDEEP

768:fPE5DPjZ5cJV+bSbkqnt37MptfhHYOqZb3URIVcPEH20W16G9fcd:eV5cqZqnt37CRhJAb3URimCF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0139b3a45d3da6526d0b1c2c8d71fc8a

Files

0139b3a45d3da6526d0b1c2c8d71fc8a
.sys windows:5 windows x86 arch:x86

367bb8fd9a18ea96329c2a4177cc510d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strstr
RtlAnsiStringToUnicodeString
MmIsNonPagedSystemAddressValid
SeCaptureSubjectContext
ExAllocatePoolWithTag
NtQuerySystemInformation
RtlInitAnsiString
MmGetSystemRoutineAddress

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ