133d0d719d3387cce2bf3f05cbe1ff90 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

133d0d719d3387cce2bf3f05cbe1ff90
Size

4KB
MD5

133d0d719d3387cce2bf3f05cbe1ff90
SHA1

17a47e8ded2cc526a7e87c2d3ec5d4d5a6b24f5e
SHA256

7e20400eeaeac62cd3d15b333bfc6304cb541c8e333b4c19c167aaee232624d0
SHA512

851e792453a9b9f859341dce3d0653c9c92ccab0b1b0da9731a87e80ba002a16d013229ee2e0d65322ff88d7d52038e10e5d16d19b39505c6172c3983ad6b546

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
133d0d719d3387cce2bf3f05cbe1ff90

Files

133d0d719d3387cce2bf3f05cbe1ff90
.sys windows:5 windows x86 arch:x86

e5f0a364bbdafde439d975212c6145b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwUnmapViewOfSection
KeServiceDescriptorTable
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
KeTickCount

Sections

.text
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ