63a112828eed5606fced38b2e98214f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63a112828eed5606fced38b2e98214f1
Size

63KB
MD5

63a112828eed5606fced38b2e98214f1
SHA1

357e75dfe1ac7974bd3c21c3c7959b5a85f25d95
SHA256

6ed2fa2121c244ed5cb7321084616de08183a712f0291e2b9d3268b1b8ad30eb
SHA512

02e43c4ed8a77ba29d4b861ae4569ba72a20150759315ce2c25685643d812c2a279d1649df824691c06eb275c46d8c93baab61b73bc9ec410897f296e90abacd
SSDEEP

1536:tDremTthsE0CqQk8BpQP16KlBXIAC9i5aozGC:tXemTtnYOI3lVIndoz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a112828eed5606fced38b2e98214f1

Files

63a112828eed5606fced38b2e98214f1
.dll windows:5 windows x86 arch:x86

872c167887bac6150973e67054257c89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeInitializeTimerEx
RtlRemoveUnicodePrefix
RtlEqualUnicodeString
RtlInitString
KeUnstackDetachProcess
KeInsertDeviceQueue
PsIsThreadTerminating
RtlIntegerToUnicodeString
RtlFindLongestRunClear
KeQueryTimeIncrement
strncpy
PoSetPowerState
IoAllocateIrp
RtlEqualString
RtlFillMemoryUlong
IoGetDeviceInterfaces
RtlStringFromGUID
IoBuildPartialMdl
RtlMultiByteToUnicodeN
PsLookupProcessByProcessId
RtlInitUnicodeString
KeCancelTimer
ExFreePoolWithTag
RtlCompareString
RtlCharToInteger
ZwClose
RtlCopyLuid

Sections

.text
Size: 24KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ