2080b57b95a45080bcb3efabfc24af17 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2080b57b95a45080bcb3efabfc24af17
Size

30KB
MD5

2080b57b95a45080bcb3efabfc24af17
SHA1

552bc6495f4b64f82ce8f2350b3432a36c8bfd62
SHA256

ac6137649f61cb242539f84731c345e23f8ca3c6633667d98ed3f8ce93166d0e
SHA512

753be6b97f3797448ecc7a336914d3c7438e7c1cf4949f6816e5105013b6576bee0f9d51b2e28e282e65fc58d559408bf753306fdb7455ac8265b9779f72f9b6
SSDEEP

768:UHtZPLmlb6BQhYC9yh16hbTZETINKXuoT4s5OSI+0wB:KP6lb6BQhYC9yh16N2INKeY4s5o+0wB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2080b57b95a45080bcb3efabfc24af17

Files

2080b57b95a45080bcb3efabfc24af17
.sys windows:4 windows x86 arch:x86

aceb989188960aa8a9b9828fd184a57c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

tolower
isupper
islower
isspace
strstr
isdigit
isprint
atoi
srand
toupper
strrchr
isxdigit
strchr
atol
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsGetVersion
_wcslwr
wcsncpy
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
strncmp
IoGetCurrentProcess
_wcsnicmp
IoRegisterDriverReinitialization
ZwUnmapViewOfSection
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ