39e2e5c0edf90d986d518759326fff01 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39e2e5c0edf90d986d518759326fff01
Size

3KB
MD5

39e2e5c0edf90d986d518759326fff01
SHA1

12b62120ad1df5131c7ed00cd281d160123dc50c
SHA256

994457c54773ee5078be2c917cbf57dbd1932f05837c82e1f91265399786c536
SHA512

e57fe3dc63d8afdb89be49ea65324d0a8cfa885cac58eafe8865252261b2d185d4a3da952b2c21c7d5fd6973ab3028688fef4ad195787a67c0cb47723bdba637

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39e2e5c0edf90d986d518759326fff01

Files

39e2e5c0edf90d986d518759326fff01
.sys windows:5 windows x86 arch:x86

cb70b6602d893162abc0ed8af3f4e188

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObQueryNameString
IofCompleteRequest
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ