28e90634d0700e9cf8a6691fe9466dbe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28e90634d0700e9cf8a6691fe9466dbe
Size

27KB
MD5

28e90634d0700e9cf8a6691fe9466dbe
SHA1

8d4662f7016f799855acdfee531427afeca765a1
SHA256

94023a72c7691cb1e9fe6a191a1af812edd98b784492dfef23b3529bb8297187
SHA512

d2938c226c769443f0fdb1ac0801b59b8328d9029adf5b8aa93d5bddf99b4f72f60e7be821f8ff54eee91be139978c8646a96c31cccd880ded1c09b9b381c3e9
SSDEEP

768:rS/XQPmjkpiEtNSkmLkMuW9yc5exxxzr7ei4hMnga4Zu8yqhFt+fwwtqCgHPkzCQ:EXQ6AiEtNSlwMkbBoZus9HP1Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e90634d0700e9cf8a6691fe9466dbe

Files

28e90634d0700e9cf8a6691fe9466dbe
.sys windows:4 windows x86 arch:x86

c68064044b9a132bf37760474a9ef2a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
strstr
isdigit
strrchr
atol
isupper
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
islower
wcscat
wcscpy
isprint
isspace
tolower
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
PsGetVersion
_wcsnicmp
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateFile
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
srand
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ