2a40a94c0a2fe2c54c57ae6149740f03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a40a94c0a2fe2c54c57ae6149740f03
Size

33KB
MD5

2a40a94c0a2fe2c54c57ae6149740f03
SHA1

91ad493789191a17c5160df19caba47ed46f388f
SHA256

b99dfc9ac639a38768fda1be4d7e527883e6d749ba8e4cceda3c203ab0507a90
SHA512

fcc23e9f7d195d25586f7df576cc1f2bc8de593a8c72f09ec5b1e093ac9e3a1d58f731bdcfa4b02525922e81845fd03a27119c267d05f8090ccbd6d9737a5d5a
SSDEEP

768:UJr2yewVaRP9lwcTwhcxly2NgpzFGLKFz/aYT6SCrO4P0rBcV+yjtjemRkaIIsHl:AgwAl9XTw+xI2NgpBIKFz/aYT6SCrO4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a40a94c0a2fe2c54c57ae6149740f03

Files

2a40a94c0a2fe2c54c57ae6149740f03
.sys windows:4 windows x86 arch:x86

2865781e22c386d4d9929d30ccf6bafc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
islower
isxdigit
RtlInitUnicodeString
isupper
IoRegisterDriverReinitialization
strrchr
strchr
isprint
atol
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
wcslen
tolower
wcscat
wcscpy
strstr
isdigit
isspace
toupper
MmIsAddressValid
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
srand
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsSetCreateProcessNotifyRoutine
atoi
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ