Static task
static1
General
Target: 027debc07915fe8a6a89e62941d00af7
Size: 28KB
MD5: 027debc07915fe8a6a89e62941d00af7
SHA1: f65d121b682e4ea2b555b4630462879759262b20
SHA256: ef346ccead0209120f41aa4307b46ce1fbecf60b407b1fea00a6cc5422d6e21c
SHA512: dce5e6e0fad9183eea72fff2bdf0e1e4d12eec61f743cb18a193e3b13ed945863964fdd1d85706e3ce4c06753498c5845345258d31c3248e953e58e17ca82c7f
SSDEEP: 768:FwTnY0NI39IP49JxaROIPVQsfnmIChhUAplv:WTYF3i4nxyfmIyhUApx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 027debc07915fe8a6a89e62941d00af7
Files
027debc07915fe8a6a89e62941d00af7.sys windows:4 windows x86 arch:x86
f2953287a017ce44424832826355c84a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
RtlInitUnicodeString
ZwClose
wcslen
swprintf
wcscpy
wcscat
_stricmp
strncpy
ZwUnmapViewOfSection
ExFreePool
ExAllocatePoolWithTag
_snprintf
ZwQuerySystemInformation
_wcsnicmp
ObfDereferenceObject
ObQueryNameString
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
IofCompleteRequest
_strnicmp
_except_handler3
RtlCompareUnicodeString
ExGetPreviousMode
RtlCopyUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ