049f016eea50cf8231585ff1bf8157a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

049f016eea50cf8231585ff1bf8157a1
Size

3KB
MD5

049f016eea50cf8231585ff1bf8157a1
SHA1

75609a8d4f92d893e69d722e02a1c9dbf203192d
SHA256

f7ece6c9d4ac0d286e9718de02362e642c82f2c80e427f94fe9f3b4443c27b0b
SHA512

eed459f70b9b675f67bb8328f35a3594f5c7e70a8a99183a3ec249d170717397ac8cb04d301998bf2af4496aa5ff442e108aab5c819cfda09e815289354765e3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
049f016eea50cf8231585ff1bf8157a1

Files

049f016eea50cf8231585ff1bf8157a1
.sys windows:5 windows x86 arch:x86

60275cd702c62c82e993bc3f22ca8709

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
KeBugCheckEx

Sections

.text
Size: 896B - Virtual size: 812B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 518B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ