5e2f0e36f914ae8416d262689de78ce3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e2f0e36f914ae8416d262689de78ce3
Size

21KB
MD5

5e2f0e36f914ae8416d262689de78ce3
SHA1

1ce2500606194ca6d8683b856ef77096c940297a
SHA256

d59d131441d51b18e51a351b5e63a83b3b57aaf6a3abf789029dff14fc9441cd
SHA512

766bc3a01b31048bc0661fa8bca7925ff48addd4dfd5130255d2670599a27d6dcd4ffa534e14bae3ccf4348878fdb4e2b71e6d45295cb127c48dc782c1311f7b
SSDEEP

384:XemoBzLPNiaF42h33JKSamMmQXAQaAHbW7fP3icl7CYzLP:Xemo5LPNia6EJvMNRbWLviAP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e2f0e36f914ae8416d262689de78ce3

Files

5e2f0e36f914ae8416d262689de78ce3
.sys windows:5 windows x86 arch:x86

fa2959a9f853b3d1b8aa344b8e574d1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmProtectMdlSystemAddress
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlLengthSid
NtSetSecurityObject

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ