18683c76e70a9f2a16ce193c1ab21a48 | Triage

Sharing

General

Target

18683c76e70a9f2a16ce193c1ab21a48
Size

5KB
MD5

18683c76e70a9f2a16ce193c1ab21a48
SHA1

b4007cc90c6ba59ead4829141c2fd29db0307331
SHA256

5be4e7fc1a855550340386d8a68ea8275d5cfe2e2ffb2716db2831f8ecf65589
SHA512

a5b9aaac1e046482f771148fcacfb7d0edca58be1384a7595653d26d1d4e7afdcac5783cb4defda10f5c5c52cd6b08430ee3e585d01ee273a59b036e59683690
SSDEEP

48:iZP/Sfhx/587nWoepEXiv2n0BG3pDqVlVUA66bVVtRrgf14:Dx/587OEXRn04LAL1gf14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18683c76e70a9f2a16ce193c1ab21a48

Files

18683c76e70a9f2a16ce193c1ab21a48
.sys windows:5 windows x86 arch:x86

5a1e0db0831434fc9b91bbb5a3583c3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenProcess
PsProcessType
ZwClose
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
_stricmp
ObReferenceObjectByHandle

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 207B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 534B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ