Static task
static1
General
-
Target
1ff78bcce88590981133c40187d2f7ca
-
Size
27KB
-
MD5
1ff78bcce88590981133c40187d2f7ca
-
SHA1
d1606e91e38c913de0f6e04c3b89c54027494fd7
-
SHA256
d7f9d56312659faa66bef0cf54760fff27e649430a74980870bdbbe2e6210061
-
SHA512
975d3cff0d6c16e82d3011dc8ec2560f0737b7e4160988d4b4e87e13134756b065c3d2eb5ce989ae78432bbc606374134ccedd12f728abc688627efc680cfb00
-
SSDEEP
768:Wd+IdTD0G5XcpgezYGXATqtFpyKb73SbyTnFX1:UPikwayTz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the resource listed below was flagged as having none.
resource 1ff78bcce88590981133c40187d2f7ca
Files
-
1ff78bcce88590981133c40187d2f7ca.sys windows:4 windows x86 arch:x86
1a138d5351467658c3ea23266e34ba06
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
wcscat
swprintf
ZwClose
RtlInitUnicodeString
ExFreePool
ExAllocatePoolWithTag
wcslen
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
KeServiceDescriptorTable
MmGetSystemRoutineAddress
wcscpy
_stricmp
strncpy
RtlAnsiStringToUnicodeString
_strnicmp
IoGetCurrentProcess
RtlCompareUnicodeString
ExGetPreviousMode
ObfDereferenceObject
ObQueryNameString
ZwUnmapViewOfSection
_except_handler3
strncmp
RtlCopyUnicodeString
_wcsnicmp
_snprintf
ZwQuerySystemInformation
IofCompleteRequest
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ