478ccd337e3f57c2b4c07d34a7c9951e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

478ccd337e3f57c2b4c07d34a7c9951e
Size

4KB
MD5

478ccd337e3f57c2b4c07d34a7c9951e
SHA1

398d2c901ebb12d44e3b817f99d0fa2641fcbec7
SHA256

8aea703e3544c68d6c57566ca16d22447cfd055ed0595fc84d484089c5d80f49
SHA512

438974a4862302b0542522e4b3d121b8baac73d886156681e8011051b3793d926a1ac04a3f47d39a15af46934a7cc672287b5f9a4e40b5940ef54017a380307e
SSDEEP

48:68wiMcpp1tXwBoQwjKmUfSXh9Ba/8co46cXIPYJiKpR/FnpJlVjiQB9CQaE4F:zMcpp1tXwBo7XUK7Be2atf3DiQB9CQaj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
478ccd337e3f57c2b4c07d34a7c9951e

Files

478ccd337e3f57c2b4c07d34a7c9951e
.sys windows:5 windows x86 arch:x86

b9f319d674c183a7e2eacbeea33c78e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDeleteSymbolicLink
IofCompleteRequest
ZwDeleteValueKey
ZwSetValueKey
IoDeleteDevice
ZwOpenKey
ZwQueryInformationFile
ZwDeleteKey
ZwDeviceIoControlFile
KeServiceDescriptorTable
ZwSetInformationFile

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 448B - Virtual size: 426B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ