3ad19a77a0752b847e7f17074e72c2ec | Triage

Sharing

General

Target

3ad19a77a0752b847e7f17074e72c2ec
Size

132KB
MD5

3ad19a77a0752b847e7f17074e72c2ec
SHA1

f56d40f4be96d66cb4509dbc38a19b6bdcfbfa2b
SHA256

4b6e5ae794eed42a30f20cb41c9b7d9c516fe1ec8349c5f0d4d5d4401ca7961a
SHA512

9ffc73521e16cd0c0e639d77ba4054b56b3832b1c51d0f5aeac42da7ffd18f6ca26cdc7d5d213277db51413c11c70f4c8c862ff99cb585e7c24196db5432f638
SSDEEP

3072:Dp/L09XdW95jh4L6PAhpYSJVu3ay7qVFSjEHnaLw1Z5:Dp/LEXdW9RCL64hCSTkx74Hnasv5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ad19a77a0752b847e7f17074e72c2ec

Files

3ad19a77a0752b847e7f17074e72c2ec
.dll windows:1 windows x86 arch:x86

49633d12798b797779d7f5056f297edb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
wcsncpy
KeBugCheckEx
_except_handler3
KeTickCount
MmMapLockedPagesSpecifyCache
ExAcquireFastMutexUnsafe
IoGetCurrentProcess
PoSetPowerState
DbgPrint
KeInitializeSemaphore
PsRemoveCreateThreadNotifyRoutine
ZwQuerySystemInformation
ExFreePoolWithTag
ObReferenceObjectByHandle
RtlAnsiCharToUnicodeChar
NtRequestPort
ExInterlockedExtendZone
ObfReferenceObject
strstr
strncpy
strncmp
KeRestoreFloatingPointState
HalPrivateDispatchTable
KeQueryTimeIncrement

Sections

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 672B - Virtual size: 644B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 800B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE