Static task
static1
General
Target: 2bcabe11c51af68a411d404eed9049c6
Size: 12KB
MD5: 2bcabe11c51af68a411d404eed9049c6
SHA1: 3b55eeffdb132aaf9bde5215ce1ad1a695449013
SHA256: 2d6c8f6be6ab99a36fcddefbcd2a45a40024eaebebc0f3a24008e42dbccd32f6
SHA512: da426d5dfa5956ebebaf4959d877d4261c9bf097a19c98aaa629d565af58a55ab5f8c18bf87a390a29ef9991883e82a95fc205f261b9d3da0d3532f361d6ac60
SSDEEP: 192:GywZANV3mqVuvapc4N8WTXol6WClCvtP7QSqmGneeJ5UF8p+JImYS5NeVZqs9BE:d5L3mqg+KOolYCvtP7+kf5NtUBE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2bcabe11c51af68a411d404eed9049c6
Files
2bcabe11c51af68a411d404eed9049c6.sys windows:4 windows x86 arch:x86
f4f3b069512a914aaa7fe12fb74aa855
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeClearEvent
IoCreateNotificationEvent
RtlInitUnicodeString
RtlWriteRegistryValue
ExFreePool
strstr
ExAllocatePoolWithTag
_except_handler3
strncmp
IoGetCurrentProcess
DbgPrint
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeSetEvent
PsLookupProcessByProcessId
KeServiceDescriptorTable
ZwDeviceIoControlFile
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
strchr
RtlCreateRegistryKey
RtlCheckRegistryKey
PsSetCreateProcessNotifyRoutine
IoCreateDevice
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 768B - Virtual size: 758B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ