Static task
static1
General
-
Target
0092f1f8576f6dd3b27d711c593f9d40
-
Size
20KB
-
MD5
0092f1f8576f6dd3b27d711c593f9d40
-
SHA1
eaf13078fb6ec9fc55b289c04c40c11153d1398f
-
SHA256
00c373652e4c7cd9beb9b56e0a32345f64c9ed702662afa6352a8a446970b430
-
SHA512
0f33366e5910cc05f28d1612eb4c87751085432e737aa08008368a925545ef31c55c54141fb4c0cebd52182ac722a7a12f9c5025e7c6450561feea554d321b9f
-
SSDEEP
384:mY5kMD8EgggiClCujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMtGPSxIOkCWE:35kMXgLUsIpiKE4T7pYF4u3UVaDwBt3t
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; none was found in the resource listed below.
resource 0092f1f8576f6dd3b27d711c593f9d40
Files
-
0092f1f8576f6dd3b27d711c593f9d40.sys windows:4 windows x86 arch:x86
499d15e3efc8105e37fc9e4d07e9d190
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscat
wcscpy
_snwprintf
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeServiceDescriptorTable
ZwSetValueKey
RtlCompareUnicodeString
ExGetPreviousMode
ZwWriteFile
ZwCreateFile
_stricmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
strstr
ZwQueryValueKey
ZwCreateKey
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
strncmp
IoGetCurrentProcess
_except_handler3
_wcsnicmp
wcslen
PsGetVersion
IofCompleteRequest
MmGetSystemRoutineAddress
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 864B - Virtual size: 864B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ