2214f2e0182b2fe519e8a00fdb9b1219 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2214f2e0182b2fe519e8a00fdb9b1219
Size

2KB
MD5

2214f2e0182b2fe519e8a00fdb9b1219
SHA1

d39afbffa679d84d72eb3992d36b24aaf23e6b09
SHA256

170c9ba3dbd8e6f0bd02a316ae0c305116c774eff3c879f8eafbd5279a521ee5
SHA512

beecfb3548709514a44473079de3add439efbdc1afb56ad579f63261164bb156b90ce8810713368597a81f2d5706c007798c00fbdc2c52fd350e76887079706e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2214f2e0182b2fe519e8a00fdb9b1219

Files

2214f2e0182b2fe519e8a00fdb9b1219
.sys windows:5 windows x86 arch:x86

fb9e3a2cc8b6037e83126d7f10dcbf1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
ZwOpenProcess
ZwClose
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ