Static task
static1
General
Target: 3b1c80d99038242293e55bf827368a9b
Size: 21KB
MD5: 3b1c80d99038242293e55bf827368a9b
SHA1: 49203dc47e01b22ddb4da5f421b51003a4020a48
SHA256: df4eb56ca1dfb1379befce0ccdbf9684066f5cf4de8b80a6093fea61635b2558
SHA512: 4ca380ec06359996fb0310106477352c6188627c72e3ff23bdbfb7171cef371123f88f83521eee326889b78aeddf7a976bc0ad900c184048d54cb1078c774f8c
SSDEEP: 384:nhVdoiIi9zUBEnzANlyum5i1wBUg+dNo5KrICYTl9zUl:9oen4ekgeW0Iflq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3b1c80d99038242293e55bf827368a9b
Files
3b1c80d99038242293e55bf827368a9b.sys windows:4 windows x86 arch:x86
b63692ba59f2590d69b5ef42e4e71263
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwOpenThread
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwSetValueKey
ZwReadFile
ZwQueryInformationProcess
ZwQueryInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
ZwOpenProcess
ZwDeleteFile
ZwCreateKey
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile
_strnicmp
PsLookupProcessByProcessId
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 816B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 606B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ