021d410b5f5c7bd09b24beb3948686fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

021d410b5f5c7bd09b24beb3948686fb
Size

40KB
MD5

021d410b5f5c7bd09b24beb3948686fb
SHA1

49a5cc587deb54102b623066c35366db78b3a1d3
SHA256

e2b093363c883f414685966b879a6ed6f03da6012722bb67723d2246260062f0
SHA512

2c7d937f60e38bbc857115f46fb509159c20585b0ccfa4e26c8e012a887d562e56d1163ae072e04b18aae58f3cf88112663942168bd4250e7bf23ba9846b57dd
SSDEEP

768:ynbAiTKOW/YgYXNRCs99PtFRS8TsIYilUelc+i4:ybA1OWaR797EHilJ2+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
021d410b5f5c7bd09b24beb3948686fb

Files

021d410b5f5c7bd09b24beb3948686fb
.sys windows:5 windows x86 arch:x86

ae578babd6ac441442d80a6d1f1358c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsNonPagedSystemAddressValid
RtlInitUnicodeString
toupper
RtlGetOwnerSecurityDescriptor
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
ExAllocatePoolWithTagPriority
IoAttachDevice

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 328B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ