Static task
static1
General
Target: 0a8691280fff0308f571a0d8de8668f9
Size: 4KB
MD5: 0a8691280fff0308f571a0d8de8668f9
SHA1: f1f1583936ee5db4dee15213404399495b036693
SHA256: 3c51f3df38e8f590a0348853726418fb47d730f541dddd93c2d6ce452ebd3f15
SHA512: 1a95c906fab1f0f819b4700b99ce2679163582077c030bf29a518a9586a7050c35be025883b35197adbe4dde042d388564ac7fa133474f57c273883e875d0700
SSDEEP: 48:Ssce45KTtnA6bjH1qdpAX4XrGZ3nFbe52opfeAqV7VwmRyA66bVVnTg9Rrgjf:T45KTq6beyX47GIR3Ac1gj
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0a8691280fff0308f571a0d8de8668f9
Files
0a8691280fff0308f571a0d8de8668f9.sys windows:5 windows x86 arch:x86
c609ce526b8ef0e7c12317e4fd5b7873
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
  PsSetLoadImageNotifyRoutine
  MmIsAddressValid
  MmGetSystemRoutineAddress
  RtlInitUnicodeString
  IofCompleteRequest
  IoDeleteDevice
  IoDeleteSymbolicLink
  ZwOpenProcess
  KeUnstackDetachProcess
  ZwTerminateProcess
  KeStackAttachProcess
  PsProcessType
  ZwTerminateJobObject
  ZwAssignProcessToJobObject
  ZwCreateJobObject
  KeServiceDescriptorTable
  ProbeForWrite
  ProbeForRead
  PsLookupProcessByProcessId
  IoCreateSymbolicLink
  IoCreateDevice
  _except_handler3
  _stricmp
  ZwClose
  ObReferenceObjectByHandle
hal
  KfLowerIrql
  KeRaiseIrqlToDpcLevel
Sections
.text Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 255B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 782B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 152B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ