Static task
static1
General
Target: 3bac7f21b73f19f77570b7877a7ab59c
Size: 27KB
MD5: 3bac7f21b73f19f77570b7877a7ab59c
SHA1: 93acf8f26e7d231061f317fba22c71ee6d71aae6
SHA256: 79ee3a174a2dbbaf8179c1b9104b00cf612050dfeb5fd792a41542fe6e4174ba
SHA512: bf4a8ef8b25e9cec198c243549a884b887dbfc87cee33b279050b54d5ea77ecce3814be4a408ee9a1a70177523f0181bb8d9c9f9e7ea9e37d85c4c0b50f21bea
SSDEEP: 384:GC2XmBPh0vsPbMmVxKWZ2swXtU6vvuSWUfwI2jMHakucY+Ohqz+JhKPeixYAWUe:GC1RhHXVxa9U6vreGicvOhMfKm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3bac7f21b73f19f77570b7877a7ab59c
Files
3bac7f21b73f19f77570b7877a7ab59c.sys windows:4 windows x86 arch:x86
27fc8bd3cca12b8a9e0be413b855d7fc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
MmGetSystemRoutineAddress
wcscat
wcscpy
swprintf
ZwClose
ZwQueryValueKey
ZwOpenKey
MmIsAddressValid
_strnicmp
wcslen
_except_handler3
_wcsnicmp
strncmp
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
_stricmp
strncpy
IofCompleteRequest
ObfDereferenceObject
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 876B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ