29d24a4cfdfde224539ca7dc5b8033b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29d24a4cfdfde224539ca7dc5b8033b9
Size

26KB
MD5

29d24a4cfdfde224539ca7dc5b8033b9
SHA1

06a94762ec953728957368fa4cebf7f674aa5cec
SHA256

8fa5d48e45f21bc06204670df0a24d37edcb4a3ad4df80a5baa5c0a427f251ab
SHA512

32415a5dabb7e79dee7ea21dfaa1feb35a5250c939500eee681ba9a8051e533908d9b11e73780a80ef22a435c26903803227ec198cab45d46ca59bc6c7906105
SSDEEP

768:1jzuJWuIF3BYvcJB5EhuGLccuexZBJUnXod7FdSq84KHxhRE+DaUchcghk3xqB3t:lzyIF3BYvcJB5Eh5/6Z4t7WhS3ZTP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d24a4cfdfde224539ca7dc5b8033b9

Files

29d24a4cfdfde224539ca7dc5b8033b9
.sys windows:4 windows x86 arch:x86

d52bd9203fc5b50866e745e5e1ed71f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
RtlInitUnicodeString
strrchr
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
srand
swprintf
tolower
atol
wcscat
wcscpy
strchr
toupper
MmIsAddressValid
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
strncmp
isxdigit
_wcslwr
wcsncpy
PsGetVersion
_wcsnicmp
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateFile
IoRegisterDriverReinitialization
islower
isspace
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
isprint
strstr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ