094c716b9282728a23073a61ccd7feeb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

094c716b9282728a23073a61ccd7feeb
Size

3KB
MD5

094c716b9282728a23073a61ccd7feeb
SHA1

ddbc600905bf42eef86bf36d3c8ec8067e627f19
SHA256

c1b0f2b360544c4cccc98977858fc37f74d1db1d11ffa92ab207f04872ee395f
SHA512

3587b3284c01631595b5ee63e67f249c8ab74fa59c77f0e8a0b32ca7610ac64419ca1d1115285afe435dfc65566da07d653d0910da4c9607022851cb3fb54a29

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
094c716b9282728a23073a61ccd7feeb

Files

094c716b9282728a23073a61ccd7feeb
.sys windows:5 windows x86 arch:x86

cb70b6602d893162abc0ed8af3f4e188

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObQueryNameString
IofCompleteRequest
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ