33a0d62210847b03938e2f20d3203c66 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33a0d62210847b03938e2f20d3203c66
Size

21KB
MD5

33a0d62210847b03938e2f20d3203c66
SHA1

0bc81c7284b4bafe66d4e1f7c12481928864c018
SHA256

b7e6872bce617e36cc03daf68d8a230f1ec8e1e45638632b682a35499a5a63a2
SHA512

005a7f325f1e9b9606154b6855b365e49bee91a1b396313208d09e87135f744aee1af078e2b557ac7da0c3a51b384947c15c00a8f845f3ea75508ddaa3acdcbb
SSDEEP

384:8gnIvnwdDcyxMDsNbfnio+Rm44yJ0MEE9aoZ3j2dntW2Q:8gn4IcCMDsNbfnSRm4U37dn02Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33a0d62210847b03938e2f20d3203c66

Files

33a0d62210847b03938e2f20d3203c66
.sys windows:5 windows x86 arch:x86

51c4a034b13bb6e888bb0c2b0567557e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsNonPagedSystemAddressValid
ZwCreateDirectoryObject
MmGetSystemRoutineAddress
wcslen
MmBuildMdlForNonPagedPool
ExAllocatePoolWithTag

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 229B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ