0e0c1f32c3ace2f5c8a248e4ee5ab09f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e0c1f32c3ace2f5c8a248e4ee5ab09f
Size

9KB
MD5

0e0c1f32c3ace2f5c8a248e4ee5ab09f
SHA1

507fe5c462afcc9514bc080b646489d2056f4f83
SHA256

c031197f6755cae0201d990e51a485a308ae42a2169b54b32c7e1693bc373c6f
SHA512

7ea0d6820de0f29357b55660fa1cfd1bcb96d963bc05f3618378d6bd026f571deab59c9d8e0173cbf6beee4a8f2de1a96d1e61defc0c11ae31f0a539984c814e
SSDEEP

96:PX/+oWO8UJP9EJQMRui8fDyCvQ6El1e8S9YP+vI43qWfZm/1uTupj:Pv+oWO8UFSOMRuJ26E7dQvLwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e0c1f32c3ace2f5c8a248e4ee5ab09f

Files

0e0c1f32c3ace2f5c8a248e4ee5ab09f
.sys windows:5 windows x86 arch:x86

ad85e6b1b91bec6816306bdc3be69475

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDriverObjectType
RtlInitUnicodeString
IoDeleteDevice
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateSymbolicLink
ObReferenceObjectByName
ObfDereferenceObject
IoGetDeviceObjectPointer
IofCompleteRequest
IoDeleteSymbolicLink
IoDetachDevice
IofCallDriver
wcsncpy
MmIsAddressValid
wcslen
_wcsnicmp
IoCreateDevice
IoCancelIrp

hal

KfAcquireSpinLock
KfReleaseSpinLock
READ_PORT_UCHAR
KeStallExecutionProcessor
WRITE_PORT_UCHAR

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 203B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 676B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ