0309d897a855c422cdd01325bf38b354 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0309d897a855c422cdd01325bf38b354
Size

16KB
MD5

0309d897a855c422cdd01325bf38b354
SHA1

c92f4f7c721c6e35eb6bb3aab56a3547b1e1fd33
SHA256

d5954bde3e23b3931e40e76ad9fcc6b5257269c683c06457474af3cc4b421319
SHA512

22e6429eacfc83118e985113bda3221a143cd0827b9d0b6ab6b44268f7e7c3ca64e46e87c20c1311dedf7378174e58dbbff1f5a37768a090ad5f9bae90054ddf
SSDEEP

48:i8NFOutD7Kjv13aBxBP8kRnf+jdKjdoPr++OgPtzHFFts6aZyANoahMwNm5Q36S3:nJtD7Kr13cf+8abtGxpN+2m5DSkJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0309d897a855c422cdd01325bf38b354

Files

0309d897a855c422cdd01325bf38b354
.sys windows:5 windows x86 arch:x86

f0bdf5b0cb967325486d5d60da8ba9bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
ZwOpenKey
RtlInitUnicodeString
mbstowcs
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
wcscat

Sections

.text
Size: 896B - Virtual size: 775B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 128B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ