44d45fa464b0ed67b1d01ff89c027989 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44d45fa464b0ed67b1d01ff89c027989
Size

20KB
MD5

44d45fa464b0ed67b1d01ff89c027989
SHA1

9367cc525d273643e92ba6c81e6f3d2492df0ff8
SHA256

cf2ce4e3e84a505ea5f6a0e83434ab54158d2ecda15acff87448610b0fd1e534
SHA512

52a50ae408281125c8a15f7d654a4c1432f1db1945a15d5398546c6b96c748a03e292d0cf36ce5bd8dffbe53548fc34b56b643382c05b172d9df275a13cc0751
SSDEEP

384:x6yUxoiIHfZ6FQJX9BU7Qy5KWyXt3/GNvf7fioM3Tg1M:YRoPXIc1/GNz2g1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d45fa464b0ed67b1d01ff89c027989

Files

44d45fa464b0ed67b1d01ff89c027989
.sys windows:4 windows x86 arch:x86

b63692ba59f2590d69b5ef42e4e71263

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwOpenThread
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwSetValueKey
ZwReadFile
ZwQueryInformationProcess
ZwQueryInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
ZwOpenProcess
ZwDeleteFile
ZwCreateKey
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile
_strnicmp
PsLookupProcessByProcessId

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 816B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 608B - Virtual size: 606B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ