3c27f61a36730fad3a6ac994d3779f2e | Triage

Sharing

General

Target

3c27f61a36730fad3a6ac994d3779f2e
Size

5KB
MD5

3c27f61a36730fad3a6ac994d3779f2e
SHA1

ba035ce11c48b1ad418b067c3b45dc102a3d4cf8
SHA256

7bf7988a37a4b5e7b959c6b3c5a97738653cda85a35aa52a9077947df08cf149
SHA512

8a4f2e4e82e3363a2d8d9f44dc508365b145488942368ed0d26e645dfb5dd82bf9ae0ef70f5e96d6c7d77e79389da1ab70f2079c8f46c9c370dbafbfd6b9ccf1
SSDEEP

48:SoleI75GBElE6XYJH1bLAXhDfZtn7JmzrOBx2Kp9MyqV7VwmRyA66bVVnTg9Rrg0:jl15GB76XVXln7arOH7MiAc1gjd2UA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c27f61a36730fad3a6ac994d3779f2e

Files

3c27f61a36730fad3a6ac994d3779f2e
.sys windows:5 windows x86 arch:x86

c609ce526b8ef0e7c12317e4fd5b7873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsSetLoadImageNotifyRoutine
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenProcess
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsProcessType
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
_stricmp
ZwClose
ObReferenceObjectByHandle

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 255B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 782B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ