79c812c4e2b7670c1a82015d802c0116 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79c812c4e2b7670c1a82015d802c0116
Size

39KB
MD5

79c812c4e2b7670c1a82015d802c0116
SHA1

e2866ac288fe77fd8faff48d426e38e7453eb048
SHA256

817c297f6bc92bb2c71448e2b65f4a439e67447dd9f404c5333b9899241e18aa
SHA512

ae3f953adedbbaf9253556be1d5b538aa0b181ae1cde02b0cd1609d5ca640c070f4108628cbacad0db6ea6593ff3d5e74540d1e3a92f0e8f8a44562ace5bf380
SSDEEP

768:MYErykXYOLPT18Q+inI6JJwm7hRp69x4gt+2I3kS0rsyeTxcuU35hTlH:iyEYe718Q+ihXwm7R69xTJiBhTFLUJhZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79c812c4e2b7670c1a82015d802c0116

Files

79c812c4e2b7670c1a82015d802c0116
.sys windows:5 windows x86 arch:x86

ac694e00a2633d6bf820fd81450354a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
RtlInitUnicodeString
memcpy
RtlCompareUnicodeString
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
memset
ExAllocatePoolWithTag
ExFreePool

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 128B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ