7940c15467a2b9df1b74421fad60bb31 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7940c15467a2b9df1b74421fad60bb31
Size

28KB
MD5

7940c15467a2b9df1b74421fad60bb31
SHA1

57b7f0a34198d81fd94aed42345781f52e6aec03
SHA256

eb11c64c0bd09effdcba2efa5de8cf4f1844733dc22a48a3713fbb608a51923e
SHA512

348889a5c33c019627167d227ab6a2c939cf92a162e65bf80175ecd8d637932c6f2820ec02ecdc1a81ba10d9ee5e8ce49327dcf96c2b5938d3de925ba4f347fe
SSDEEP

768:al4R49vFUJ1B54Pf0qrDaam8jLMVbVpVOQ:w4REFUPB54P8caam8jLS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7940c15467a2b9df1b74421fad60bb31

Files

7940c15467a2b9df1b74421fad60bb31
.sys windows:4 windows x86 arch:x86

45a606670878f0be071bea99803203fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ObfDereferenceObject
RtlAnsiStringToUnicodeString
wcslen
swprintf
wcscat
wcscpy
_strnicmp
ZwClose
ZwOpenKey
strncmp
MmGetSystemRoutineAddress
strncpy
_stricmp
RtlCopyUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
_wcsnicmp

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 800B - Virtual size: 788B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ