02e95d39d69c8c9c7d66a70f1e599f5b | Triage

Sharing

General

Target

02e95d39d69c8c9c7d66a70f1e599f5b
Size

14KB
MD5

02e95d39d69c8c9c7d66a70f1e599f5b
SHA1

8ccedfe8333b98bb3c6ebed8963ab203a457aea5
SHA256

928eafd8f4dcf476b73a6baa6dd742ca3951090ea8498cee426b6d6d2497a59d
SHA512

3ac3d29895d2be9d589f67391eee39eb64f4498d1bf859b48431d5116f6b5ac0888283b7b9995ddd9155da1eb04272ed9aca347e578223f8244babdf31792834
SSDEEP

96:ECo7dWzY2z7DTkGVRyWnH4uLpqozh9LgvFebI/HjN6qF4YL1sqpLXfoqbE:2dWXP3peSHZN9LgvFHx6qeYdBwqbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02e95d39d69c8c9c7d66a70f1e599f5b

Files

02e95d39d69c8c9c7d66a70f1e599f5b
.sys windows:5 windows x86 arch:x86

ee06518f6fdf76ddee9bf1f4704106b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeMdl
MmUnmapLockedPages
ZwMapViewOfSection
PsGetVersion
sprintf
tolower
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
ObfDereferenceObject
ZwAllocateVirtualMemory
RtlInitUnicodeString
ObReferenceObjectByHandle
MmSectionObjectType
ZwPulseEvent
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
_except_handler3

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 570B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ