0f7feb857cd4f6a27c2013b1e3ed9058 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f7feb857cd4f6a27c2013b1e3ed9058
Size

34KB
MD5

0f7feb857cd4f6a27c2013b1e3ed9058
SHA1

fa155f44f581804c979ff9ed2c15a0b86ac34785
SHA256

fa021bd943ddb57e75a7b24f700e92f5109f6608fb2d93a854f2718d4ca4385d
SHA512

7f689d5ad4d26f56f14973bc8e08ffffd9acda3d644ae720457c873f2a59f5c437cd5effeb6f392d67f1961407d56e6f82268976add0298f27237f1189a30b0c
SSDEEP

768:UqQKO8AGJ25P+2RTNKwz1MtTM9coaMV7jL4I/jCiHBWjTBXK6byvKNla:28AGJ252kNKwzh9coJVf0I/WuUBXK6Sp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7feb857cd4f6a27c2013b1e3ed9058

Files

0f7feb857cd4f6a27c2013b1e3ed9058
.sys windows:4 windows x86 arch:x86

a0f10563ef6c39badc40f31fd8f60198

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
wcsncpy
PsGetVersion
srand
atol
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
atoi
RtlInitUnicodeString
wcscat
wcscpy
tolower
strchr
strrchr
isprint
isupper
isxdigit
strstr
toupper
islower
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
isspace
IoCreateSymbolicLink
IoCreateDevice
isdigit
RtlAnsiStringToUnicodeString
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
MmIsAddressValid
ZwUnmapViewOfSection

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ