49281114f2b994c74166d501a0342de4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49281114f2b994c74166d501a0342de4
Size

2KB
MD5

49281114f2b994c74166d501a0342de4
SHA1

47c5f9a23b15dcf725f522b1c0f6f91bbb081a9d
SHA256

564d7d5afdce10edab37afb015fe58e3290c96dfcd09c2c846987e55202f61a6
SHA512

e9c69b161d46224ea9e88d4b57ee9795df50b52511511d7ba83be8c9c45272fc12cd578255fd626740f16b01fa1f372e1d3b19bcf8f831f39604fc6ba05327f8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49281114f2b994c74166d501a0342de4

Files

49281114f2b994c74166d501a0342de4
.sys windows:5 windows x86 arch:x86

e4473296bc144adb393d4522e7bcdce5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
DbgPrint
IofCompleteRequest
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 157B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ