Static task
static1
General
Target
0f1a635931263f8f2990a1e469dc528f
Size
20KB
MD5
0f1a635931263f8f2990a1e469dc528f
SHA1
66435e5a27f3d44636e678f229b1d1b7b83c41b2
SHA256
bb7381aae2cd944daabdbf443e8cc9171d16bb545de6a6be0e81e7dbe8b91931
SHA512
fdef8221dd44d4323c86382066e172c04935eb9e82959e2f7678a4c2ac0607b9930273b1b023ddacac69cba3e80594a93cf497e555aa1557bd07c71a1e7159e7
SSDEEP
384:gk5PV4zjZoJO2JOh8CujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMtGPSxIO3:1qzj2PmsIpiKE4T7pYF4u3UVaDwBt3oj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0f1a635931263f8f2990a1e469dc528f
Files
0f1a635931263f8f2990a1e469dc528f.sys windows:4 windows x86 arch:x86
09dbeea61bfc359845bb074cb43ad155
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
strstr
ZwQueryValueKey
ZwClose
ExFreePool
ZwCreateKey
RtlInitUnicodeString
wcscat
wcscpy
ExAllocatePoolWithTag
_stricmp
strncmp
IoGetCurrentProcess
_except_handler3
KeServiceDescriptorTable
_wcsnicmp
wcslen
RtlCompareUnicodeString
ExGetPreviousMode
ZwCreateFile
IofCompleteRequest
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
_snwprintf
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwWriteFile
PsGetVersion
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 864B - Virtual size: 864B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ