034d5e8bfb5f220562e7b122d1e04a5e | Triage

Sharing

General

Target

034d5e8bfb5f220562e7b122d1e04a5e
Size

3KB
MD5

034d5e8bfb5f220562e7b122d1e04a5e
SHA1

1b6e63374c57b8efe784b6d36da96f54f32690be
SHA256

c07698cc64edad921b2fee6d2082c59a58a8856a3af52a86096fde9b2a2e75dc
SHA512

c3808305f87fee52965acaf225efd3d5eedffdaa4a10a0f4da25a150f9d3d33c719c01ff031c10400f9f2e40b29d49112dd3ea1b1476772154ee28d91b10c8d0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034d5e8bfb5f220562e7b122d1e04a5e

Files

034d5e8bfb5f220562e7b122d1e04a5e
.sys windows:4 windows x86 arch:x86

180974f67b163680f202b87f3ae6d2a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwReadFile
ExAllocatePoolWithTag
ZwClose
ZwQueryInformationFile
ZwCreateFile
ExFreePool
ExFreePoolWithTag
memcpy
strcat
RtlFreeUnicodeString
ZwQuerySystemInformation
DbgPrint
KeServiceDescriptorTable
strcpy
InterlockedExchange

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ