Static task
static1
General
Target
4edd8818b89c75bc48c4eba8f4f6b2f0
Size
27KB
MD5
4edd8818b89c75bc48c4eba8f4f6b2f0
SHA1
d22f3575d9e89e2dd42efcf86402b02c6eeb4e3c
SHA256
c6ecaadfef5e0fbb9197328dafae1b94253bf9edde7f1eb7adaa7ed49827a678
SHA512
adf8c6f681736f0800e4e2bc58d29a84b66713cf2ad80167bdac841d4764a8b25822db3bdf6e6eff7b058d16c98d668465ccacd0dc17aebfcc1876d6f7c6f38c
SSDEEP
768:YFYcQJLJVHcys8P/P+9IvYMLC9ibu4UUzwqZE:YjuoyHWSYUuwL7zwl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4edd8818b89c75bc48c4eba8f4f6b2f0
Files
4edd8818b89c75bc48c4eba8f4f6b2f0.sys windows:4 windows x86 arch:x86
5be12acd4a64634c7e746232372e7fe9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
swprintf
wcscat
wcscpy
strncmp
RtlInitUnicodeString
_stricmp
strncpy
ObfDereferenceObject
_wcsnicmp
ZwClose
ZwOpenKey
RtlCopyUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
_strnicmp
MmGetSystemRoutineAddress
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 808B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ