Static task
static1
General
-
Target
50ef15fa6b426dd22c026526e35eb172
-
Size
26KB
-
MD5
50ef15fa6b426dd22c026526e35eb172
-
SHA1
cf99c96aa95cfdde57c7b6ba8a8de2e5ee13014d
-
SHA256
c263350d5793a695ba607e5a66f344431567a25ea92c930dc12911e53bc5b85c
-
SHA512
efe4e3b53a498d5506a1c74df600aedba241adf5f6db95d020c0dff7dfb4ae16ba13363de74634488e1cd5a52a58d07c30baca6e5f415bf681a4d1ef1907d6f0
-
SSDEEP
768:cFY0P5mjsUhorn6gOTKOYB2eL3+t+9LQr7:cdxmjDhor6ZCB20c+9
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; none was found in this PE file.
resource 50ef15fa6b426dd22c026526e35eb172
Files
-
50ef15fa6b426dd22c026526e35eb172.sys windows:4 windows x86 arch:x86
41e2a80d7a28f7c53adda05b32ab54f0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
_stricmp
strncpy
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
wcslen
wcscat
wcscpy
_itow
_strnicmp
ObfDereferenceObject
MmGetSystemRoutineAddress
strncmp
ZwClose
ZwOpenKey
IofCompleteRequest
RtlCopyUnicodeString
MmIsAddressValid
_wcsnicmp
RtlAnsiStringToUnicodeString
_except_handler3
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ