29a73f09c31f5b13a70f4f9fbd96987b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a73f09c31f5b13a70f4f9fbd96987b
Size

40KB
MD5

29a73f09c31f5b13a70f4f9fbd96987b
SHA1

cad8cd2552b37d51aef84286d5d5dfef63bc295f
SHA256

7b9658589a77497d6cd017bd7cbedee768470c7251f347529962093887038623
SHA512

b2d3b8175be5df74e6a0d862376d0ac4b32bf38587196c7accf2bb5d9e47f3f3631ae57f2e8b618d4ee9e6eabbb4133f43ce0be4a08ef7d011c1e8994a38514a
SSDEEP

768:RnG+JtzcQ2qZnOdinShYv5OHegIK+qVFs8DzxwWlnilZz:RnGszcwwW4PIK+OdXxwgni7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a73f09c31f5b13a70f4f9fbd96987b

Files

29a73f09c31f5b13a70f4f9fbd96987b
.sys windows:5 windows x86 arch:x86

d99cb8290a3e5708159976eb97bc9c04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
MmIsNonPagedSystemAddressValid
RtlInitAnsiString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlWalkFrameChain

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ