0a286f83ba06634620de6022bda32838 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a286f83ba06634620de6022bda32838
Size

2KB
MD5

0a286f83ba06634620de6022bda32838
SHA1

2bb05006051ca659bf725d2c94f8273d7cf92d77
SHA256

be747fee62980c402197a01ce5b893a0cf0b08f3bc5e67fbf1db67f955a1f5da
SHA512

1d843f80ff82e42c748d3cbee5aadf24889e80c4c0d7f1faef80a70dfc89fb0dd93b0a398ae15d3d62e3193995678fe0cd5b768b8f5c6bc1333240b0dd25d1c0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a286f83ba06634620de6022bda32838

Files

0a286f83ba06634620de6022bda32838
.sys windows:5 windows x86 arch:x86

8a6304af31ac1faf583479f827c0adfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgPrint
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ExAllocatePoolWithTag
KeServiceDescriptorTable
IofCompleteRequest

Sections

.text
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ