13029c3bef67cd657214b06c6c6cb81f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13029c3bef67cd657214b06c6c6cb81f
Size

35KB
MD5

13029c3bef67cd657214b06c6c6cb81f
SHA1

638075544c4fc947d3868bfd01c0265951e5e2d9
SHA256

091a7f2e5ae78be3f817c3962897f311a1fd74d7572f3de2d07c4deddab34709
SHA512

d73ec2572d78d4fee80c350c2d613c71f667f4aad9717679d338105987693569dd73d458a0bf574d2b0d44a5db541c821c1f892aab8b5fed63657f4620c27c49
SSDEEP

768:UkVsTP0IUpFIpohpPUlC6It38nMaycj2lukWEg6mfSgd+Xd8ISRB94Pr3PSt4Ex4:lIUsOpMlC6It38nZ4AkT5Tgd/I0B94Pj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13029c3bef67cd657214b06c6c6cb81f

Files

13029c3bef67cd657214b06c6c6cb81f
.sys windows:4 windows x86 arch:x86

0df464d2ca608d9086b3aa64a90c882f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
wcsncpy
PsGetVersion
isupper
strrchr
atoi
tolower
isspace
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
MmIsAddressValid
ZwUnmapViewOfSection
swprintf
KeDelayExecutionThread
ZwCreateKey
islower
wcscat
wcscpy
toupper
atol
isxdigit
srand
strchr
isprint
strstr
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
isdigit
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ