1592fd7fe3929cb38b6c3fffdf1e3224 | Triage

Sharing

General

Target

1592fd7fe3929cb38b6c3fffdf1e3224
Size

21KB
MD5

1592fd7fe3929cb38b6c3fffdf1e3224
SHA1

8d9c4656e00035035352fe4a660672d5fb7b6747
SHA256

69994d1e124960286c146469ab08aaf43eb3a16f18c542eb35b275b5f6ec9f3a
SHA512

0e47e7077bc526f8fad2d535666d3b216d127d7899628d19b8ff9f52944771dcb1de74c745e9dea4adb2a66663c913b47b49ceed2fcbf87302e88dd4ffe2f3b8
SSDEEP

384:BeigTslTdwoTS6M/0gY/TUzfqdSaX9cTuwd6B/uEdjE7WEK2MdiR/h:BUYlTyUS6M/0gQTUzYSaX9cTuvB/918l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1592fd7fe3929cb38b6c3fffdf1e3224

Files

1592fd7fe3929cb38b6c3fffdf1e3224
.sys windows:5 windows x86 arch:x86

16bdb0c2a85d7ab017c99c7f5c395abe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
PsGetVersion
_wcslwr
wcsncpy
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateKey
wcscat
wcscpy
ZwUnmapViewOfSection

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ