10560b904dd851e00f1bae4a485db8f0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10560b904dd851e00f1bae4a485db8f0
Size

132KB
MD5

10560b904dd851e00f1bae4a485db8f0
SHA1

4ac4a231895d2253195295e20a67322ba3fe1aca
SHA256

e257aecb6e19ddf8aa15c3588d3e28a25bdbe227a92de9da16106367a2fb8fbc
SHA512

5ee8dd0b208af06892f77a2b9e9cbfa2da2580e6348a380a328e703e4148824d224c6eb58bc42c25ca9781c84480ca49a74dc1225782b2464e1c4e24ff402c0c
SSDEEP

3072:ovZmPqZ9Nla0VoVx5Awjh/of5b+WDuYhfYWlcNKm1b1cfkWLh:okPqLaZx5Af5iWS2gEKWLh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10560b904dd851e00f1bae4a485db8f0

Files

10560b904dd851e00f1bae4a485db8f0
.dll windows:1 windows x86 arch:x86

8925ae331302fca4138d94554ff2bdf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlAnsiCharToUnicodeChar
wcsncpy
ObReferenceObjectByHandle
MmMapLockedPagesSpecifyCache
_except_handler3
strncmp
KeTickCount
strncpy
KeBugCheckEx
ZwQuerySystemInformation
ExFreePoolWithTag
strstr
IoGetCurrentProcess
ExAllocatePoolWithTag
KeQueryTimeIncrement
ObfReferenceObject
DbgPrint

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 149B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE