Static task
static1
General
Target: 298b12ab0792e07d8d832081241cfceb
Size: 29KB
MD5: 298b12ab0792e07d8d832081241cfceb
SHA1: b2bc48cf35c32f7ba6767073c7e328c683b36387
SHA256: cb8c6604fe47487893b73d2595cd7ef0342da172a87d4028097b71cd7df3f32c
SHA512: e749a74c07f6b30c128a0f26b319c5e017e580ed57692332e9a5c6cbafe7639606ce6ca767b62cb80efe5ba84107663e35a1b55e77c3153821a381da2a8438dd
SSDEEP: 768:Py4XbX/DMrqUxL3enCsEUS2xhhYK/zY/Rt2:64rX/eL3OFS2b4e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 298b12ab0792e07d8d832081241cfceb
Files
298b12ab0792e07d8d832081241cfceb.sys windows:4 windows x86 arch:x86
da9ac54e2b9057116497ca883bc68bac
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCompareUnicodeString
RtlInitUnicodeString
swprintf
_except_handler3
wcscat
wcscpy
_stricmp
strncpy
ObfDereferenceObject
ObQueryNameString
strncmp
IoGetCurrentProcess
ZwUnmapViewOfSection
wcslen
RtlCopyUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
MmIsAddressValid
IofCompleteRequest
_wcsnicmp
_strnicmp
MmGetSystemRoutineAddress
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ