447bad1076f38449c93d8145daaeb410 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

447bad1076f38449c93d8145daaeb410
Size

49KB
MD5

447bad1076f38449c93d8145daaeb410
SHA1

50775da5a827b7fa32a899c3bb0134286c48c046
SHA256

6c64d2e736ec4f12e0808a4f510bf6a51afaa1cab08d26d2f340ca959cf807dc
SHA512

e0eb73670a489ffe9bb84ec6ff493c1d41e7e08abdde31760a94ca4fe9af6b07c9e625da678d701de5dca293494be5180f7bd2093628a6132647a690e4f0adec
SSDEEP

768:/Lz4LdTriDj8avu+DHD218P38VEoqO746:/LELdqXLu+Dj21S4EoqO746

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
447bad1076f38449c93d8145daaeb410

Files

447bad1076f38449c93d8145daaeb410
.sys windows:5 windows x86 arch:x86

cf17b657b68e6d597346bebf7746e866

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExFreePool
IoDeleteSymbolicLink
IoDeleteDevice
ZwEnumerateKey
ZwDeviceIoControlFile
ZwEnumerateValueKey
ZwQueryDirectoryFile
RtlCompareUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeServiceDescriptorTable
ExAllocatePoolWithTag

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 530B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ