07287992cdcfc99a883496146fc564da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07287992cdcfc99a883496146fc564da
Size

5KB
MD5

07287992cdcfc99a883496146fc564da
SHA1

cd0353c5b0f78da6d1db7cd75c7270337648e60d
SHA256

5217a2bbd510742b0fc46437574ba5bd03a5a8d4aff34d5f70c433c877c3131f
SHA512

322e42cfe6654a9a9ca19e7be57e45e9c3f9a61cb3143114973efb7a177e5080037568eb6522cdd46b6fd4a5876cf2e5e7f232b0a1e6c63158272a7c5f8fdf3b
SSDEEP

96:zAlNLH7e/y1i4JtyLQxUMlQu3oLWlRA11G/1xdR:zAXr7eK17yLQx6u3osVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07287992cdcfc99a883496146fc564da

Files

07287992cdcfc99a883496146fc564da
.sys windows:5 windows x86 arch:x86

3325a1a4fcabd2c615283d9ae29fc5b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 528B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ