Static task
static1
General
Target: 1068663f54e706e845edb31a5dafe3ea
Size: 27KB
MD5: 1068663f54e706e845edb31a5dafe3ea
SHA1: 3e5487784a090a530c980bc4f42304666ed74372
SHA256: 1144a80fd44389c50785ef7082fb92de7e60a6dd471ad313cfd794337dd7a389
SHA512: b2d29aa4759f641d1ae247d533c0042b51f6a34298224994a25a0ec6d52d43058550fcb9a16a0084d877b66979a458b7995aeadc0fdc0a2d211eea29bcc0fbe5
SSDEEP: 768:dswuEabfW2e3gBRRMUU7LE/A3SjPv2HrKtFSdf:dalLeQ747LE/ZnirKnSZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1068663f54e706e845edb31a5dafe3ea
Files
1068663f54e706e845edb31a5dafe3ea.sys windows:4 windows x86 arch:x86
211d18339241de2effc535e6de57fd95
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
ExFreePool
ExAllocatePoolWithTag
RtlInitUnicodeString
_wcsnicmp
wcslen
wcscat
swprintf
wcscpy
ZwClose
MmIsAddressValid
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
RtlCompareUnicodeString
ObfDereferenceObject
ObQueryNameString
MmGetSystemRoutineAddress
_except_handler3
_strnicmp
_stricmp
RtlCopyUnicodeString
strncpy
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
_snprintf
ZwQuerySystemInformation
strncmp
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ