Static task
static1
General
Target: 3d4c574f36adf942e9686f38e371ff61
Size: 27KB
MD5: 3d4c574f36adf942e9686f38e371ff61
SHA1: 247aaaae2e679b98ee82d34286773256a91d26d6
SHA256: 75e7c251c84b3632a678b8ecc6c9fe6890a2ef935418fc983497da393249f069
SHA512: 6d45f8edbc362b893a2ebf178725b565d6509e92c974b217d7916d5c4d3d8e0c112ab45a7d3e62032516df06e58cf4efa184a24720f2d2767cab34357ffaba71
SSDEEP: 384:nAsX2UTtaEOjssFIUUQ9TL9I/uX+dErbaKPJ+aDJpIKLxZBIGRP3/fy0mb+X1:ZX1ta5Y3eLwLdEPJ5DJpIK1Z5RP3noo
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3d4c574f36adf942e9686f38e371ff61
Files
3d4c574f36adf942e9686f38e371ff61.sys windows:4 windows x86 arch:x86
272cd9617f59d7b8dbb0cae6c0081785
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
_stricmp
strncpy
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
swprintf
wcslen
wcscat
wcscpy
_wcsnicmp
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwClose
ZwOpenKey
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlCopyUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 800B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ