0ae242893db3a54199c28bc2f82bd77d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ae242893db3a54199c28bc2f82bd77d
Size

19KB
MD5

0ae242893db3a54199c28bc2f82bd77d
SHA1

da4f786aea725401af6f8fc139ead65fddd60117
SHA256

5c2f258087324756f2b65b4548ff204f0b484fb57c420eeecd08e96987e739db
SHA512

5f6bdf0671efa1a1ef3adfde7dce43f379ac849ead753b67665fa7bf644dd1fff34786367379823cef5c1fa0da5c86ceaf9173b4e822db50b92d2ec37f49d634
SSDEEP

384:UvB3474BWuHFQyL3QuQTnEs6fQQcCspFf2VWLYICVbvZGxndqdFnt:UJo7atHKTuQTnr2QQczpFf2VW0ICVCYj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ae242893db3a54199c28bc2f82bd77d

Files

0ae242893db3a54199c28bc2f82bd77d
.sys windows:4 windows x86 arch:x86

8c323eafe6f70f67802ed4ad96914905

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwClose
ZwOpenKey
strchr
isupper
atol
atoi
_wcslwr
wcsncpy
PsGetVersion
strstr
islower
isdigit
strrchr
srand
MmIsAddressValid
ZwUnmapViewOfSection
KeDelayExecutionThread
ZwCreateKey
wcslen
isxdigit
swprintf
RtlInitUnicodeString
wcscat
wcscpy
RtlAnsiStringToUnicodeString
toupper
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
isspace
tolower
isprint
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
IoRegisterDriverReinitialization

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ