14dd66707bbcfcadfd20a37ad8f655f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14dd66707bbcfcadfd20a37ad8f655f2
Size

53KB
MD5

14dd66707bbcfcadfd20a37ad8f655f2
SHA1

2b21ff1f9ac08c64f49cf14499ccac489cf9598e
SHA256

e4dee68c5847ee69600ec0d1e7ed202da7e1c4d6ce00de8c7045c05e612eec19
SHA512

3612f9b7998453d602ce4a1648d44fbf9dd7e70fc5ebd51702c02c9c5b22ab063714c023510ce6f4c5ec5b7ad0de9ad01d5b1aedbecd5e8466216c5816d7da71
SSDEEP

768:Ax3KkmJf1vDEV+z1k53NvpwkD1KX7z8UE5cqqT7d+IpExxuvR5jzJB:AxazhwV+BkpNiA1Krz83cjPdJCkjzJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14dd66707bbcfcadfd20a37ad8f655f2

Files

14dd66707bbcfcadfd20a37ad8f655f2
.dll windows:5 windows x86 arch:x86

eeb7f6897fb3f3cd5c9c9d8be22add46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwMakeTemporaryObject
IoIsSystemThread
ExInitializeResourceLite
KeReadStateTimer
RtlRandom
IoRaiseHardError
ZwCreateDirectoryObject
MmFreeNonCachedMemory
ExRaiseDatatypeMisalignment
IoSetShareAccess
PoRequestPowerIrp
KeQueryActiveProcessors
RtlUpperChar
RtlUnicodeStringToInteger
IoReportDetectedDevice
RtlInitString
RtlEqualString
IoCreateNotificationEvent
IoCheckQuotaBufferValidity
CcFastCopyWrite
RtlInitUnicodeString
FsRtlMdlWriteCompleteDev
RtlEqualUnicodeString
MmUnsecureVirtualMemory
IoGetRequestorProcessId
ExDeleteResourceLite
ZwEnumerateKey

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ