51c21fce111e93d2bf8957aadb36b474 | Triage

Sharing

General

Target

51c21fce111e93d2bf8957aadb36b474
Size

27KB
MD5

51c21fce111e93d2bf8957aadb36b474
SHA1

a72567bf2582753d895b8acfa625d29818988513
SHA256

73e830bc5269402cd63360137ce94c5170220ccd577926cc9eec97720afd4ac0
SHA512

00409d3ef110f5da6e153a0a7dc638473ba4295deed19cd78136809320c09d9692b94b0a3d24f5724a044c2c9eea1d65914c0560b2c0b988f411061333b3c0b6
SSDEEP

768:nAtN+sMdQc5yL9QGmBVwAhAbQK/CFVceHiGyCWqWBWUX5TVk:nYSdDyL3GwAhAbPIPiGXWqWBWWV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51c21fce111e93d2bf8957aadb36b474

Files

51c21fce111e93d2bf8957aadb36b474
.sys windows:4 windows x86 arch:x86

006c6b73b96fa67e40cd05db241cd336

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlInitUnicodeString
_strnicmp
swprintf
wcscat
wcscpy
_stricmp
strncpy
ObfDereferenceObject
RtlCopyUnicodeString
strncmp
ZwClose
ZwOpenKey
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ