1cb40c8613034dc0cad2aa9995b067a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cb40c8613034dc0cad2aa9995b067a5
Size

45KB
MD5

1cb40c8613034dc0cad2aa9995b067a5
SHA1

ca727591c20e579a27f94fe8357b7e94f48c33a5
SHA256

6f840c969e657d1ae250f663466280570fae74b5facab42b1ad5196b94277fe9
SHA512

98a5599e2166c77bbf53ff0024b08620305eb79da49e7c58821cf8b8457a9d2215168e1fd55388821d3f3f612b6ed27c98c1dfc3b12827897c7f5eebc7e183c0
SSDEEP

768:1oaJLXd1eNXg4y8gvt5zdu/cTUUWtz0ERxHi4GJJVesgdRqXGfmCWb0dROw4ozcJ:1oYLN6wP8gvjzdfTytz0E7i4GAsgdk2i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cb40c8613034dc0cad2aa9995b067a5

Files

1cb40c8613034dc0cad2aa9995b067a5
.sys windows:4 windows x86 arch:x86

37a7d9a907096e82b7813b4e3aafc263

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmGetSystemRoutineAddress
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
swprintf
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
ZwCreateKey
PsGetVersion
_wcslwr
wcsncpy

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 224B - Virtual size: 205B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ