38049d02b733b3ddcf3abded7291b3a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38049d02b733b3ddcf3abded7291b3a4
Size

4KB
MD5

38049d02b733b3ddcf3abded7291b3a4
SHA1

dbcc9b70fcab7fca50e4539fc08fd5dade5e0c09
SHA256

585a76a6cab95988b67df022efe828fac71ea72c9e0429d87d89dea052ce792b
SHA512

9221b1038957a8445caca7aa7eda63410245ba7c8eb709248a8234c322de1200fce5f7299da6c871ba31dae1c2ff1657fc5b25ee84d576772ab3147dbe8291ec
SSDEEP

96:tByhTshf+/WQbu1JNcFfViazHbZNJiOre0TdIVBAs:taqfMyePiCHbLdhyzP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38049d02b733b3ddcf3abded7291b3a4

Files

38049d02b733b3ddcf3abded7291b3a4
.sys windows:5 windows x86 arch:x86

e23557627b12671743968eb609429289

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
strncpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeServiceDescriptorTable
ZwQuerySystemInformation
ZwQueryDirectoryFile
RtlCompareMemory

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 364B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ