Static task
static1
General
Target: 2bf2bc85286231e48a0096e8a764d2be
Size: 29KB
MD5: 2bf2bc85286231e48a0096e8a764d2be
SHA1: 7eeb02cc809dc07d16a0563eaa342e16c0216ab7
SHA256: f86d5e62e84b39ebc8f313d0be23784cd6b16fd424c34d2719bd6c0277069ff4
SHA512: 5fdf40334e70e3243293f70b8793bc2210876f54585dea14496a97203eed94b961537b1479b0a18b4f053781a6191e139c886045617ad6fd5966db8a64a6c112
SSDEEP: 384:8iEJ+4K81rmgMMATmf2aBFhp+z5GxV4lQ+UQHMq7iRWQzC6799Sy69ee:XEnK9gMMAqf28FhpSGxVgeUpQm6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2bf2bc85286231e48a0096e8a764d2be
Files
2bf2bc85286231e48a0096e8a764d2be.sys windows:4 windows x86 arch:x86
f19c441d047826e0414e6a7f0621eb26
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
swprintf
RtlInitUnicodeString
strncpy
IoGetCurrentProcess
RtlCompareUnicodeString
strncmp
_wcsnicmp
MmGetSystemRoutineAddress
_stricmp
ExFreePool
ExAllocatePoolWithTag
MmIsAddressValid
wcscat
IofCompleteRequest
_except_handler3
ZwUnmapViewOfSection
wcscpy
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlCopyUnicodeString
_snprintf
ZwQuerySystemInformation
ObfDereferenceObject
ObQueryNameString
_strnicmp
RtlAnsiStringToUnicodeString
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ