08e8bab624fc4ce4aabdb245d9799fa7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08e8bab624fc4ce4aabdb245d9799fa7
Size

3KB
MD5

08e8bab624fc4ce4aabdb245d9799fa7
SHA1

215ea050b2775cc89b3e07f8aa785a9c3ad89a62
SHA256

60996fec83db7835ebdd8e755fdd90dc0694fa9a300c5a439c28547089bf304c
SHA512

dc7e9484a8321121e1c0c4faa06fd1bcf1fb593dd4e3d16b50c296b3fc0a4a9ef81daefc36205543d4d9fa86b9e88112a8f96c5407fe1bc32979b1d11e542d6e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08e8bab624fc4ce4aabdb245d9799fa7

Files

08e8bab624fc4ce4aabdb245d9799fa7
.sys windows:5 windows x86 arch:x86

29b24ee9350c2c96fbb35208a8163bd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
ZwOpenKey
RtlInitUnicodeString
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
wcscat

Sections

.text
Size: 896B - Virtual size: 884B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 128B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ