07252a98741f076e8778222e85866aa16f6801d12b5ae2dd47968bb2d4fa28d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07252a98741f076e8778222e85866aa16f6801d12b5ae2dd47968bb2d4fa28d2
Size

24KB
MD5

448b18e6063c12a14f454877a1ccef71
SHA1

f84b8b662a45d7ede787c2829f70ff66662a7c41
SHA256

07252a98741f076e8778222e85866aa16f6801d12b5ae2dd47968bb2d4fa28d2
SHA512

7e1bec0e6ff32cfc156baa765834e1a62872bc2a0f43a79eccd1ee2c477fb9d7cfab3216c09473e6b0e01c1fec51b5dfdf526a873733c6c62467bbbc98b76fd0
SSDEEP

384:GFsh7wW8V3fUjPYlX3k60UV2NkswPVfX/HDoepowF/OgxcwPcZvhx77jRY5958:5GsMFk6DY/wPVfPjoen+77q59K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07252a98741f076e8778222e85866aa16f6801d12b5ae2dd47968bb2d4fa28d2

Files

07252a98741f076e8778222e85866aa16f6801d12b5ae2dd47968bb2d4fa28d2
.sys windows:10 windows x64 arch:x64

41a5a6c83ed8ba58de42841ae7519e38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmMapIoSpace
KeBugCheckEx
MmGetPhysicalAddress
RtlCopyUnicodeString
IoAllocateMdl
MmAllocatePagesForMdlEx
IoGetDeviceProperty
MmUnmapIoSpace
MmMapLockedPagesSpecifyCache

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ