05e92138c8387eb03da9f3e03c382502 | Triage

Sharing

General

Target

05e92138c8387eb03da9f3e03c382502
Size

8KB
MD5

05e92138c8387eb03da9f3e03c382502
SHA1

d160c471c54d13cf82e00524b84e114944762d60
SHA256

1f04e263d6bfd924378472dd7098ee3b5801e10d701d6a00c60428c1738a7802
SHA512

b164e9f869738fa61f10ccf55926d3bfd5450e153d264144bb7b1e6aed5c3fbc3af12bd6785d6197c1985befc091782938aef82e8300512d4055e50058a401be
SSDEEP

96:z0e1pvzOzbSRUFWmaYmUL5ywD3SDXXvOBrLhPS:zDwzb7daYdSDXfOBrI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05e92138c8387eb03da9f3e03c382502

Files

05e92138c8387eb03da9f3e03c382502
.dll windows:5 windows x86 arch:x86

3310eb3528ee14b8fb7efcec7c2edce5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IofCompleteRequest
ObfDereferenceObject
ZwClose
ZwAllocateVirtualMemory
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmIsAddressValid
ZwOpenProcess
KeServiceDescriptorTable
ExAllocatePoolWithTag
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ