00e5084454d1c1d36e372a46ca19ccc2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00e5084454d1c1d36e372a46ca19ccc2
Size

19KB
MD5

00e5084454d1c1d36e372a46ca19ccc2
SHA1

c9dcdf655158ffc01c8825d814831899315ba48b
SHA256

0c4a109dfe7c666da07d76510b3a55e4ad827fea1f56dd3cbc957317e234746a
SHA512

869f7dc3d02f9076275c37db311335dc01f92db61c5921d636cb9e798bfc34f64b242aa61d0c52229fb0813763e161faa2ba72e48e36dd9f8329d86d34fb1eb9
SSDEEP

384:UefpEUxDkxzjb2IzULITM3TSOVyRE7LVoRiIMJHigYOC2sMJy75:Uef6KDmb2PUTM3OXRE3VoRiIoHigYOCF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00e5084454d1c1d36e372a46ca19ccc2

Files

00e5084454d1c1d36e372a46ca19ccc2
.sys windows:4 windows x86 arch:x86

e47150a8acf3c56986925d26bedcc878

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isspace
islower
strstr
strchr
strrchr
srand
isupper
isxdigit
isdigit
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
_wcslwr
wcsncpy
PsGetVersion
atoi
isprint
tolower
toupper
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
swprintf
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
atol
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ