Static task
static1
General
Target
6aac97458dd67ec6c291b521ffd2abc7
Size
6KB
MD5
6aac97458dd67ec6c291b521ffd2abc7
SHA1
e936ccbdb3c3b5cd3a015b54f7d192872f3cddbe
SHA256
46cd3c6ed9302409fe3f2621e5993c669644045891f53466b14525d0ebf79626
SHA512
5b7d733a72358292dbe17c726ed70c73b7241397f754c9ebf8545080d4a56ab7a3915ddc448744aa7a5b68114ac4d30309a371fc5f20bcb151aab07df62ae741
SSDEEP
96:fFTBdeEJph4i7zw4nmhCaLEQc4UygwoFPFNeVaKCVFeq7qPNpvi:oEJz7xnlKRc4UygwM+aK7p
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6aac97458dd67ec6c291b521ffd2abc7
Files
6aac97458dd67ec6c291b521ffd2abc7.sys windows:5 windows x86 arch:x86
8a7b0bb8dd15fd709416819f3a9b4c9c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
IoGetCurrentProcess
ZwQueryInformationProcess
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
_strnicmp
ZwClose
ZwAllocateVirtualMemory
PsGetCurrentProcessId
MmIsAddressValid
strncmp
_except_handler3
ZwDeviceIoControlFile
ZwQueryDirectoryFile
KeTickCount
KeBugCheckEx
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 564B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 234B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ