Static task
static1
General
Target: 04d399fb24010edb6c22fb635b88144a
Size: 27KB
MD5: 04d399fb24010edb6c22fb635b88144a
SHA1: 734740c5e8af624493d5b70a20ded97d5d8ec57e
SHA256: 7e57dc19d165dfdaa90b0dad12aae83951d11a275683b3689b145489d8f76677
SHA512: 17c61dd45ffb5acc0e25d38e746d1de4b5eed78844e298d53f8d1f1f5b1dd15eef02f53984e7957859be558fbce37ca346aa4bfe903486270f65b7b01dcb2623
SSDEEP: 384:ELQrpHG3UDUgYgJ5kneWCPU3b8PE/cLXAfAJT0edZcDL/0/rd:cQ9HG36U85VrsbDcLXAoJaLS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04d399fb24010edb6c22fb635b88144a
Files
04d399fb24010edb6c22fb635b88144a.sys windows:4 windows x86 arch:x86
0ce45c9a6cf07d6f5bc00c8a998a2e7f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
ZwClose
swprintf
wcscat
wcscpy
_stricmp
strncpy
wcslen
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
IofCompleteRequest
_wcsnicmp
MmIsAddressValid
strncmp
IoGetCurrentProcess
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
_except_handler3
_strnicmp
ZwUnmapViewOfSection
RtlCopyUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ