3c30286e23e31c3ee7febe70bb75da36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c30286e23e31c3ee7febe70bb75da36
Size

28KB
MD5

3c30286e23e31c3ee7febe70bb75da36
SHA1

774a14d02fb2662a76609ab59207cdd1fec2ca83
SHA256

bb822220fc6530871532246a09f95c39a9f61bbeedabb2d64974367dfe0c6caa
SHA512

d429e0adc910a60b69c69469001272d24ce7f6b37982474c258edb5845af55690dd9cb6b0aa1a6d66c045d2c1a914b77539376892449dda0b41e9fbda673798b
SSDEEP

768:adLmh8fYVg6xViO88/HkzjKUTsCqUgjBnPBT:adLmiYO6PromGsCqUgNn5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c30286e23e31c3ee7febe70bb75da36

Files

3c30286e23e31c3ee7febe70bb75da36
.sys windows:4 windows x86 arch:x86

084f5779e3020aa531658e34b349533a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
swprintf
wcslen
wcscat
wcscpy
ObfDereferenceObject
MmGetSystemRoutineAddress
strncpy
_strnicmp
_stricmp
ZwClose
ZwOpenKey
strncmp
_wcsnicmp
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 832B - Virtual size: 828B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ