Static task
static1
General
Target: 0bd82b8f4f0c1bbcf7ed7171fe1af543
Size: 27KB
MD5: 0bd82b8f4f0c1bbcf7ed7171fe1af543
SHA1: e98342f0034c8380bd0717cb68daddbbf78e5046
SHA256: 07ef661bbcb8b5ef638c03bc08190a437656abfbf931d38773a31d964f7f92cc
SHA512: 732ce520d223695d4694dab762ebaccb28b5d691f126410d1aa16264b065550f121307accadc1343a9ee9609d68c719ae723a54653a476de27611c9093696606
SSDEEP: 768:otWSI71y6MSvm2BnuwombS0gwTUda+35PXW87VA:oxa/qffV7V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0bd82b8f4f0c1bbcf7ed7171fe1af543
Files
0bd82b8f4f0c1bbcf7ed7171fe1af543.sys windows:4 windows x86 arch:x86
db2b4f83dd4f58b196b28ebf689c120d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
ZwClose
wcscpy
wcscat
RtlInitUnicodeString
swprintf
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
MmIsAddressValid
_stricmp
RtlCompareUnicodeString
ExGetPreviousMode
ZwUnmapViewOfSection
wcslen
KeServiceDescriptorTable
RtlCopyUnicodeString
_strnicmp
strncpy
_wcsnicmp
strncmp
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
IofCompleteRequest
_except_handler3
MmGetSystemRoutineAddress
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ