47607478df2f85dcb82fac3bfeab22a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47607478df2f85dcb82fac3bfeab22a6
Size

8KB
MD5

47607478df2f85dcb82fac3bfeab22a6
SHA1

5e15fb459c103ebb933ab2507b8b8abe2810862b
SHA256

79ea4f97ad71588c4cf2194568bc83e6f3fcb0efe8fb75e6fae4841e63581911
SHA512

bbdeb73239a847db64465a9d88f2f5e0ec7c34eeb2f30a36051dd0ba1eed4cd0c6d64f47f71a4668d03964f54c33f893d2beb48923cb9127364d219b0a830073
SSDEEP

192:2Qmxov/7qav5m1OsJWp1tRn5u0vqKq1p5N4mPmTdRM88x:2HcfpBuU0p5N4mPmh688x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47607478df2f85dcb82fac3bfeab22a6

Files

47607478df2f85dcb82fac3bfeab22a6
.sys windows:4 windows x86 arch:x86

f37e268d8a07c4a1b4f9ad9aeddedd13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeServiceDescriptorTable
ZwDeviceIoControlFile
IofCompleteRequest
memcpy
strncmp
strlen
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoGetCurrentProcess
IoCreateSymbolicLink
IoCreateDevice
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_snprintf
PsGetCurrentProcessId
ExFreePool
memset
ExAllocatePoolWithTag

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ