0aeefb6019d198afe447cfe7283d2727 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0aeefb6019d198afe447cfe7283d2727
Size

32KB
MD5

0aeefb6019d198afe447cfe7283d2727
SHA1

de6a226680676ccbfdb582c0dee151898035fc7a
SHA256

c253ef063b06c9b2e562f1d02d1efe265c4dae56fba10e692c01df4ea0fe6873
SHA512

87737a182ae954b1825de0c5f632435731f8e59aed5832c9f4f9cb818dd305027e18f26fe7424998ed068553963a50e86d012be03ffe9cd254f090c20c74c503
SSDEEP

768:6fHLrccDhYRaAgkkZBAc86kXGzYBslmK0xZ7U:6jrfD24/Zg42A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0aeefb6019d198afe447cfe7283d2727

Files

0aeefb6019d198afe447cfe7283d2727
.sys windows:4 windows x86 arch:x86

e114ab1040fa5d12c75d08146e624fa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlAnsiStringToUnicodeString
RtlInitAnsiString
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
memcpy
IoBuildSynchronousFsdRequest
KeInitializeEvent
RtlFreeUnicodeString
memset
sprintf
_except_handler3
IofCompleteRequest
RtlEqualUnicodeString
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 576B - Virtual size: 566B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ