379467cb04fcdb6b0fb67bb718d79e49 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

379467cb04fcdb6b0fb67bb718d79e49
Size

73KB
MD5

379467cb04fcdb6b0fb67bb718d79e49
SHA1

70aed9c9c70ff4e6eb2e5b73441612439ab04547
SHA256

7cce12c908d7863ce6b67f2d86c364aab8754a07323c952f987f2a7684eecc03
SHA512

f046ede9854e830598bd565cb54ac4a107cb61af7bbeb6879dd573713895d9674a7196a6d35119d65872517d65938b6b8b005ba5a008b2eb0988a3f1bd509270
SSDEEP

1536:XUjrj36IiYxGDo09ms9o5P3m/FaKIlEA7e/HT+1Vlq0BGLHfjnJblSS:iSIiKn8No5P3mtxIEA7e/z+ItvhlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
379467cb04fcdb6b0fb67bb718d79e49

Files

379467cb04fcdb6b0fb67bb718d79e49
.dll windows:4 windows x86 arch:x86

1dc879b0d954fcdeba3f230e7ba74475

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

LpcRequestWaitReplyPort
IoGetDeviceObjectPointer
ZwFsControlFile
CcPrepareMdlWrite
wcstombs

hal

HalReadDmaCounter
HalSetDisplayParameters
HalSetBusData
KeAcquireSpinLock
HalSetRealTimeClock
WRITE_PORT_USHORT
READ_PORT_USHORT
HalInitializeProcessor
HalStopProfileInterrupt
HalEndSystemInterrupt
HalStartNextProcessor
HalQueryDisplayParameters
KeAcquireQueuedSpinLock

Sections

.data
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 559B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ