Static task
static1
General
Target: 3ea1235737c09ed7a6dee19bf87d96a3
Size: 98KB
MD5: 3ea1235737c09ed7a6dee19bf87d96a3
SHA1: fa85134f20e8f67a517c654e5ecc2157e8840afb
SHA256: cfef465d849216ea3aa3dbc4533c6ceca763825bf0819d497a7b9cf4643baaeb
SHA512: a7d7911115875c11b9b9c15531d898b392e497dd8ef46449e4f8604ee133f7aa9fbeece6211f135153993ba743a8057baa4bd239dbed1b71f2495d8224d2c160
SSDEEP: 1536:ulSek8LuKiiqblu4XQowWFyYvIfHqAx4YEp:tJiqE4fy+If7xi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3ea1235737c09ed7a6dee19bf87d96a3
Files
3ea1235737c09ed7a6dee19bf87d96a3.sys windows:5 windows x86 arch:x86
99038d721f39c54c0b4697958101410d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetRelatedDeviceObject
KeSetEvent
IoDeleteDevice
ObfReferenceObject
ExFreePoolWithTag
ZwClose
ObfDereferenceObject
memset
IofCallDriver
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ