Static task
static1
General
-
Target
693500406ddb55368356511c2ce089b6
-
Size
27KB
-
MD5
693500406ddb55368356511c2ce089b6
-
SHA1
9e34f0fe763bf6fda6399e06d259c7207b33cae5
-
SHA256
e589bd9bb9f4f23dc0e3e454b49e0172c0d549c29f383d0e7bec44d02514bc4f
-
SHA512
38e380a8080ab57f4472c6167a308cb665a4641daa32f338ff0e3ffd60f3c59043cfc5fb8df1495dca17631fb94e58912c24cd4015576d1be67eada0f1370ca0
-
SSDEEP
384:kT7KhIBA0DdOXr7jUF5KDfOxF2NNAE7bdE9HRxadZMiCrckMN3T5X:kXwpA5edg8djZFCcB
Malware Config
Signatures
-
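Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this file has none. Because the sample is a kernel-mode driver (a .sys file importing from ntoskrnl.exe), the missing signature is worth noting: 64-bit Windows refuses to load unsigned drivers by default, whereas 32-bit Windows, which this x86 build targets, has historically not enforced kernel-mode driver signing.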
resource 693500406ddb55368356511c2ce089b6
Files
-
693500406ddb55368356511c2ce089b6.sys windows:4 windows x86 arch:x86
6a7cc5785b78ec79043dc79c7031531b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
strncpy
MmIsAddressValid
RtlInitUnicodeString
swprintf
_strnicmp
wcscat
wcscpy
_except_handler3
ObfDereferenceObject
wcslen
strncmp
_wcsnicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlCopyUnicodeString
MmGetSystemRoutineAddress
IofCompleteRequest
ExFreePool
_snprintf
ExAllocatePoolWithTag
_stricmp
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 948B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ