0c81caa89e5b9fa4d6ead23934d7881c | Triage

Sharing

General

Target

0c81caa89e5b9fa4d6ead23934d7881c
Size

33KB
MD5

0c81caa89e5b9fa4d6ead23934d7881c
SHA1

e1b96fd449aaab465ffb59795890bd685798a0ea
SHA256

6ac7ba4ebc909a20e1a0be2e4a47ee91b0ccb2da430e90c174b01f31d46524de
SHA512

2a750799ad3f5d5fe7dcf92c7a56963d76e15b7ffbb2be544fa0f2f7861ce1411b9ca1f460aa7a3ceb75b02b87f5e723c38bfcaf6b963e1af56a9cb84ce42247
SSDEEP

768:UMqf7siu/0qFPyNf7NN5m8bk7vXbt1E7T2r4bp0wmmnJZZUnUYzHgLcu53qxb9:Fxiu/FyNf5vm8bivXQ7T2gywmmnLZSUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c81caa89e5b9fa4d6ead23934d7881c

Files

0c81caa89e5b9fa4d6ead23934d7881c
.sys windows:4 windows x86 arch:x86

6cfe730896d7bda533f1989a555ec540

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
isprint
RtlInitUnicodeString
islower
strchr
atol
isspace
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
tolower
toupper
wcscat
wcscpy
strrchr
srand
atoi
isdigit
isupper
strstr
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
isxdigit
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
_wcslwr
wcsncpy
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
IoRegisterDriverReinitialization

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ