Static task
static1
General
Target: 0b36018f807486f802ea022dde2431dd
Size: 18KB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b36018f807486f802ea022dde2431dd
Files
0b36018f807486f802ea022dde2431dd.sys windows:4 windows x86 arch:x86
1d9cab6052dce7767037b76f128e4512
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strlen
ZwClose
ExFreePool
ZwWriteFile
strcat
ZwCreateFile
RtlInitUnicodeString
wcscat
memset
ExAllocatePoolWithTag
strstr
_stricmp
strncmp
IoGetCurrentProcess
_except_handler3
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
wcscpy
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
_snwprintf
ZwEnumerateKey
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
memcpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
PsGetVersion
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 976B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ