08c7ced85f52e6c78767ba5a25db6695 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08c7ced85f52e6c78767ba5a25db6695
Size

32KB
MD5

08c7ced85f52e6c78767ba5a25db6695
SHA1

fd4f083e75758d1c1c2eeab463a3e14708b82dbb
SHA256

dffd6d58b547ae2801f96891b99092612a57d4578f9fcb7ceb0fb18318a8dd32
SHA512

72a01ccdca845249290d942ad077d554010fda3eb7ead8f078750f4632feadac2739274b2f0cf6d64459c8010480696ba25f3495066636140f59ca551c4c7e4d
SSDEEP

768:UpyWLse5T0oi0L6ZcIU/bs/Vyj2Opagef3VgRKm4JCLuDKKKN/+q:UvLs20oi0L6ZcIU/bs/VySOUg23VgRKu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08c7ced85f52e6c78767ba5a25db6695

Files

08c7ced85f52e6c78767ba5a25db6695
.sys windows:4 windows x86 arch:x86

4c3b55687c5ed60967b239ff59e4f64d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeDelayExecutionThread
ZwCreateKey
wcslen
islower
swprintf
srand
wcscat
wcscpy
atol
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
isxdigit
isprint
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwUnmapViewOfSection
isspace
isupper
atoi
toupper
strchr
tolower
strrchr
strstr
isdigit
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
ZwCreateFile
IoRegisterDriverReinitialization
_wcslwr
wcsncpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ