44045179cb0c548b1fb4e8d6b35c1124 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44045179cb0c548b1fb4e8d6b35c1124
Size

6KB
MD5

44045179cb0c548b1fb4e8d6b35c1124
SHA1

363d6a60249b6be6b13b8c8c0ac3382c18cbd76f
SHA256

37ebba55ce21d2d4ae47f6b35d3e0543d08a77ee6a545465c0631e9faff910bb
SHA512

9342b4f07deb0adfc9c7fb5504cec4a7d359c99139a8b959c4e6ec0549f4131c8a1bc75a87741891ff8e00afd654ff662fa6f25f58a5173b11f60fc3426b0b96
SSDEEP

48:S+b1CGfegsw6kxH3StR4ZuSl1OiJVV0hjoVnmiTgCnZWVVd3RxsGdA2TqYKEOF4S:F0w3x44QSlYiuqmmnAFPOkCLW6x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44045179cb0c548b1fb4e8d6b35c1124

Files

44045179cb0c548b1fb4e8d6b35c1124
.sys windows:5 windows x86 arch:x86

336e30e8c77728cb2b2682b9b7662ede

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
PsLookupProcessByProcessId
RtlImageNtHeader
wcsstr
_wcsupr
IofCompleteRequest
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoDeleteDevice
IoDeleteSymbolicLink
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ