2a96a94bc0686fb0931e6b071bc07f3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a96a94bc0686fb0931e6b071bc07f3b
Size

19KB
MD5

2a96a94bc0686fb0931e6b071bc07f3b
SHA1

612758e4320c70f736724aaee6cb07d7be7386b1
SHA256

9ee9b9c32fbad2ce2f456fe255a774bb2ee60500073bc948a01e9f40a4f90eb7
SHA512

00dab408b8e0bc503c26ce0bfb3ecb60021b276ede7edc7a75ea97b6caa2343b401318f6f225ba7c10f83590aa4ad850a2c30cba41628dd31e8c3fa4c21e7c81
SSDEEP

96:ceFPYNMl28hnx5mHJS7YcwaJYwv8dhNiNhYN/e3uoeysC:vuNYHxQg7YcRJYwYah4/egys

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a96a94bc0686fb0931e6b071bc07f3b

Files

2a96a94bc0686fb0931e6b071bc07f3b
.sys windows:5 windows x86 arch:x86

6cd117441379f626482feeb81c0e5e52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
ZwClose
atoi
strchr
strncat
strncmp
ZwReadFile
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
strncpy
strstr
RtlCompareMemory
RtlUpperString
RtlInitUnicodeString
ZwDeviceIoControlFile
ZwQueryDirectoryFile
IofCompleteRequest
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 704B - Virtual size: 690B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ