087e5a74059043750966f78d5c257eb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

087e5a74059043750966f78d5c257eb8
Size

16KB
MD5

087e5a74059043750966f78d5c257eb8
SHA1

b30939fd4d7414982176d1734c655985ef59d9ef
SHA256

babb6ea9b4d5b30683f789ecf2a2cb0e8be95dd75f3cf14b021d481a66432d6f
SHA512

83f5da26bc59daabeae2e04fd2934eaa8bb72369f75a0a8564f115d9f975b462ad0505b98d5c5110221d9992ed37a9fd17f51f68e080ae7552529a036c36d6fb
SSDEEP

96:ttD7Kr13cfc+B9Of1nnanV5HFt6JvApVJ:T7i1WLOtaVBFso

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
087e5a74059043750966f78d5c257eb8

Files

087e5a74059043750966f78d5c257eb8
.sys windows:5 windows x86 arch:x86

f7596b8bb903209eb51a59f1da209fe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
ZwOpenKey
RtlInitUnicodeString
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
wcscat
mbstowcs

Sections

.text
Size: 896B - Virtual size: 775B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 128B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ