04eac08ea4c5e5c0f9ef968d24eeb4d5 | Triage

Sharing

General

Target

04eac08ea4c5e5c0f9ef968d24eeb4d5
Size

46KB
MD5

04eac08ea4c5e5c0f9ef968d24eeb4d5
SHA1

5a5ee69899cc6de2635cf94d825a0f9dff7e484a
SHA256

8e2a2d31c31e0d5fa9c4fc714754ae27654593bf3d5bd3d01f1e5e0d43fb880b
SHA512

b69cfae9c772a7727b623d9b1e88929b1ee0cca33ac600b87bada29271344ca10c174db77fa1e7d2309aff2a3279dc7c241c41e2c648584dd0ae3518a658c1f7
SSDEEP

768:Ah10olfQAtIUP0yiv7qV/7lpb2KodP+W461Ps5nCTPXbtq3UzFF+KOPAYrlXFo7y:yrWAOLyiv7qZrb2LZ9/L8EzFF+bIYr72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04eac08ea4c5e5c0f9ef968d24eeb4d5

Files

04eac08ea4c5e5c0f9ef968d24eeb4d5
.sys windows:4 windows x86 arch:x86

67c51b7e6cac35010a5bef1118da91ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwCreateFile
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
ZwCreateKey
wcslen
swprintf
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ