04f70494b0db0bf4b4c7f3c2fa309272 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04f70494b0db0bf4b4c7f3c2fa309272
Size

10KB
MD5

04f70494b0db0bf4b4c7f3c2fa309272
SHA1

3053469ac235c87cbb72992f8ae34dae8de80c18
SHA256

0f27a61ec1f4ac6af154180a57804620e4927dcbedb5c2d8abeb767fc51bfe42
SHA512

62b8d2097d5c7d6037c176b64a08b482269682d939dbb9488a43bbef0ffdcf0cb60cb55a636ef3ecd68199fa7676b1101074467545ccbed57b73058b9931ddfc
SSDEEP

192:pCvCOREJKpkit2ONe1CdJ1AUOjzWLFyyMErhCvaX:cvCbi/U41AD7IdCSX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04f70494b0db0bf4b4c7f3c2fa309272

Files

04f70494b0db0bf4b4c7f3c2fa309272
.sys windows:4 windows x86 arch:x86

e3869a14b2362ed2d955f04ee099222e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateFile
MmGetSystemRoutineAddress
ZwDeleteFile

hal

HalHandleNMI

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ