234b2c170dece8f6e741c448b5726db9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

234b2c170dece8f6e741c448b5726db9
Size

7KB
MD5

234b2c170dece8f6e741c448b5726db9
SHA1

af3f005ffe397d295e755e60e97d973e6b7a26b3
SHA256

9d0bc2ca4e18e068690157d54cdb1780c03d89465e7d0a683c4f4cc70a7ad65c
SHA512

3e92c4eaf70dda1b974239fa8b741e39c6ab9d89629910024347daa9114a4abb2414200c639f1f61412affdee3e943c341aac9e3194607cc4051d1050e8c6c3c
SSDEEP

96:Bqd+qDViHUh8P7QqziJYYTgA6jC3QVuUrxvSWLQCprV0fZm/1uTfA:X4iHUhc0qziinAJ+ZvTQqQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
234b2c170dece8f6e741c448b5726db9

Files

234b2c170dece8f6e741c448b5726db9
.sys windows:5 windows x86 arch:x86

ad85e6b1b91bec6816306bdc3be69475

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDriverObjectType
RtlInitUnicodeString
IoDeleteDevice
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateSymbolicLink
ObReferenceObjectByName
ObfDereferenceObject
IoGetDeviceObjectPointer
IofCompleteRequest
IoDeleteSymbolicLink
IoDetachDevice
IofCallDriver
wcsncpy
MmIsAddressValid
wcslen
_wcsnicmp
IoCreateDevice
IoCancelIrp

hal

KfAcquireSpinLock
KfReleaseSpinLock
READ_PORT_UCHAR
KeStallExecutionProcessor
WRITE_PORT_UCHAR

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 215B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 676B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ