0cfe17370ebf7fe006ff569fef226881 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cfe17370ebf7fe006ff569fef226881
Size

23KB
MD5

0cfe17370ebf7fe006ff569fef226881
SHA1

26beb624774ec2093be5f153136dc1bc29746bbc
SHA256

60c22641a92c10651b1bbdeea273faeff46a464da5c8036019f5446bd23838de
SHA512

582454c463f44622d2c28d6b5a8fd5715048fd25c04a72af671d21b85769117b947e596fdb993201e1738adab6dfa928d4599815a3d159eeef6738546fdc8bf9
SSDEEP

384:oROquJM/VW/Wz6B1Ig8CS/zGC48vvatEqHMvX079SxLJGvgK292axePbBEv:o0ty/VW/WuBug8CCzGC48Xa1svX49ML1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cfe17370ebf7fe006ff569fef226881

Files

0cfe17370ebf7fe006ff569fef226881
.sys windows:5 windows x86 arch:x86

00e98369ffa3ae6f934ce914473c0259

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwCreateFile
IoRegisterDriverReinitialization
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ