191cc94a44cba9769778fb382660dd2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

191cc94a44cba9769778fb382660dd2f
Size

7KB
MD5

191cc94a44cba9769778fb382660dd2f
SHA1

304b71b0bce67c9e03e523ac7abacdc7583c8240
SHA256

de97458b5057df05ac7a3727657c9055c20104d13e7be4ae4266a3a486e4c953
SHA512

6f4159970b93379fae7ed28cbbf8ddbf8f8b2c33653889b5ab24126e4dfcfd6647848d67f288d3218ebd04f7b91eaaf72e343821e1b48b91b6c938c8417530fb
SSDEEP

192:z8mo2rcNnnFtdpVYo42MFjN18VpLwkOwKJj1zJ:zzfrc9nlpV3N+jIpLwmKJhzJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
191cc94a44cba9769778fb382660dd2f

Files

191cc94a44cba9769778fb382660dd2f
.sys windows:6 windows x86 arch:x86

afebc3f4a4f111aa201c2b393f5e460d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
ExAllocatePoolWithTag
MmIsAddressValid
memcpy
ExFreePoolWithTag
KeServiceDescriptorTable
_wcsnicmp
IoFreeMdl
MmUnlockPages
ObfDereferenceObject
KeDetachProcess
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
KeAttachProcess
IoAllocateMdl
PsLookupProcessByProcessId
memset
PsTerminateSystemThread
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
NtBuildNumber
KeTickCount
KeBugCheckEx
RtlUnwind

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 794B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ