406bdb47ccf252c1fc0f107410ee4cb3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

406bdb47ccf252c1fc0f107410ee4cb3
Size

3KB
MD5

406bdb47ccf252c1fc0f107410ee4cb3
SHA1

3df9707152a952eb3833f56dae12b7aa86e9ace6
SHA256

eaffa929f2c53b0b802e57fbfb0036424aac255e732939e3046d902ce4459445
SHA512

4600a5402d29f85cd1f2e4c0708188def5fc2e1931a05a3593693de2f781b9f6e66b669c11c8c75f1b977fc99e14b04880489039ae2b94f9673b503a7a24db08

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
406bdb47ccf252c1fc0f107410ee4cb3

Files

406bdb47ccf252c1fc0f107410ee4cb3
.sys windows:5 windows x86 arch:x86

ef9bc15120c1fbce298afe5a81ee5190

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ZwTerminateProcess
ExFreePool
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ExAllocatePoolWithTag
ObReferenceObjectByPointer
PsThreadType
PsLookupThreadByThreadId
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 750B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ