Static task: static1
Behavioral task: behavioral1
Sample: 5aaefb601a3638dbab8d58b868dc0a1f.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5aaefb601a3638dbab8d58b868dc0a1f.dll
Resource: win10v2004-20231215-en
General
Target: 5aaefb601a3638dbab8d58b868dc0a1f
Size: 128KB
MD5: 5aaefb601a3638dbab8d58b868dc0a1f
SHA1: 474433e681c4b179cda1598ab895f427d573bbef
SHA256: 49dd9a2fa568060ef1eed98fb460e6d040e96095e872a2bb71b85b4c3008dedc
SHA512: a6993006c8486334de414ca7e1f8368953e276062a10eec120bdaad535c4bf50d8b691817333e77900ba8a7b38f4231260d080212c5fd737f26d6073cff9095d
SSDEEP: 3072:y5H6eUGUyoNfpf6kvYjhLZIJWDV0XrxFp+JVX6T/UQiaG:5eUPNfpCkAZCJaV0b49k/UOG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5aaefb601a3638dbab8d58b868dc0a1f
Files
5aaefb601a3638dbab8d58b868dc0a1f.dll windows:1 windows x86 arch:x86
ab672f40f2bf523f6c008145acc0ace2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
MmMapLockedPagesSpecifyCache
DbgPrint
_except_handler3
ExFreePoolWithTag
KeTickCount
ZwQuerySection
ZwSetBootOptions
ZwCreateKey
ObfReferenceObject
ZwQuerySystemInformation
RtlUpperChar
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
strncpy
WmiFlushTrace
KeQueryTimeIncrement
strncmp
RtlAnsiCharToUnicodeChar
InterlockedIncrement
IoGetCurrentProcess
strstr
wcsncpy
RtlIsValidOemCharacter
KeBugCheckEx
ObReferenceObjectByHandle
Sections
.data Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 672B - Virtual size: 651B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 768B - Virtual size: 754B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE