10edde0ff44099c5bf82120b28759ca4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10edde0ff44099c5bf82120b28759ca4
Size

60KB
MD5

10edde0ff44099c5bf82120b28759ca4
SHA1

ad9de4ba4ea96121b051f4851e31d974b7e28ae3
SHA256

936e3e4ab1f08c1c949fba8c52f68a9055ad47968da404c93403af150828c5e9
SHA512

972ee3c0c4a2ff2fa0f874921f1f97d76be9baf26e60e39aa9ac4ffec1ffca2cfc5f966811cc3bf3a4c85f17287c08d015ec01b219d9ad1248bf8e5607ccbd06
SSDEEP

768:M/ZN4y/o7g9ytjh11l11jWwi7OgmmWHqvS9EKSKrySEEG:6ZNg7WGjnWBz69E5KVEEG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10edde0ff44099c5bf82120b28759ca4

Files

10edde0ff44099c5bf82120b28759ca4
.sys windows:5 windows x86 arch:x86

711534ed110ca38fa90638c2cfb3b175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
IoDeleteSymbolicLink
DbgPrint
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoGetCurrentProcess
IofCompleteRequest
atoi
RtlFreeAnsiString
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
strncmp
ExFreePool
ObfDereferenceObject
RtlCompareUnicodeString
ObQueryNameString
RtlAnsiStringToUnicodeString
ZwClose
ObReferenceObjectByHandle
ObOpenObjectByName
RtlInitAnsiString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 736B - Virtual size: 706B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ