Static task
static1
General
Target: 4b367163648c3f48929e9c56cad19987
Size: 18KB
MD5: 4b367163648c3f48929e9c56cad19987
SHA1: 9a3c28dda9ffc954c75da0ac5f0d55a9b46411ae
SHA256: b049efae8b3eb96305ba6186c3b7ba340aeca4f38f45ee02d105c6934943bd1b
SHA512: 7a70e219787d8b67f563fa2775bbe75f209230953415a8dfbe9a847d180714f7f4983f1e552921ed77cd7e8c8010d262faec90cbcab21943e757b6a3a24dc727
SSDEEP: 96:vuaWa4tDiCGZPE108cq4o4G1JYCh0ubdNJOpUn47sWG0MDVrUHDOf/lWJvF5U:GXaKips1r4oj1RU3NgJUjkI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b367163648c3f48929e9c56cad19987
Files
4b367163648c3f48929e9c56cad19987.sys windows:5 windows x86 arch:x86
f7596b8bb903209eb51a59f1da209fe2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwSetValueKey
wcslen
ZwOpenKey
RtlInitUnicodeString
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
wcscat
mbstowcs
Sections
.text Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 151B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 128B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 330B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ