Static task
static1
General
Target
018eaf1eb36526bc6d1ac2d34c54ad93
Size
8KB
MD5
018eaf1eb36526bc6d1ac2d34c54ad93
SHA1
e11244684a8b5c3f37cf502d9f2969a6070884ee
SHA256
2424dcc190b7ca01ebb8d6c39fb30caa68c6f96578c997caf991b79a93a81373
SHA512
e7b2c96f28d80bc8e9038bc0a1ecae78c51c98e526e1e041d9fbcad1c11ba8e81c6af3f7403b98465b2c444934e5ae1abb2a6c9e956d63e0c97e98954d5c6925
SSDEEP
192:Hr79CuSFSSXnSXY/kyAqoXCYgBInciAJT8xyx7QE4:L79C82k9qoSYziT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 018eaf1eb36526bc6d1ac2d34c54ad93
Files
018eaf1eb36526bc6d1ac2d34c54ad93.sys windows:4 windows x86 arch:x86
37d7d43d8af67d691484420536d9ce54
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ndis.sys
NdisGetCurrentSystemTime
NdisRegisterProtocol
ntoskrnl.exe
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
MmIsAddressValid
IoGetCurrentProcess
PsLookupProcessByProcessId
ObDereferenceObject
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
PsGetCurrentProcessId
IoCreateFile
IofCallDriver
ZwAllocateVirtualMemory
RtlCompareUnicodeString
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 336B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 594B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 688B - Virtual size: 676B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ