Static task
static1
General
Target
52f69181e7b1fa8107620c343c076d55
Size
28KB
MD5
52f69181e7b1fa8107620c343c076d55
SHA1
94e65f691762445803183d6432e5bc0f381dce04
SHA256
ec4aeafbccccd3025140d00c648f7e2b20c867d26661e1d45668ed38cdf8c260
SHA512
dc9023d35bfde2b15d829792f41e8c06e6ad512f631e9ad4f53c676bb1c4043437250aadedd8b88721951de77351a90fc174e33cef002e40075af6bf114ef793
SSDEEP
768:v4vIG4ClIm2U1dYyBCRUlHp/tSvqs39CkqNjB/tKKh6LHLJhv:QvIbJU/1BCqlHThkclB/t0Jhv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 52f69181e7b1fa8107620c343c076d55
Files
52f69181e7b1fa8107620c343c076d55.sys windows:4 windows x86 arch:x86
420a84bd41632989e8764f6cc3e749bb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
swprintf
wcscat
wcscpy
RtlCopyUnicodeString
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
strncpy
_strnicmp
_wcsnicmp
_stricmp
MmGetSystemRoutineAddress
strncmp
ObfDereferenceObject
ZwClose
ZwOpenKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 812B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ