492bae2cfc87d8439ec34f91304244ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

492bae2cfc87d8439ec34f91304244ff
Size

5KB
MD5

492bae2cfc87d8439ec34f91304244ff
SHA1

593c85adb27b4b819b05b2caa9329537e3c0355b
SHA256

1e9537c5d7558b1dd88a36d87bb664c00b4652e36ecce811517d1d98a5ea4b80
SHA512

851a69a2a4848e240de0d565538c7f3b8af58c88e52a4e666c456318aa050639a5ec0777b698624dd703e7673db650d22f88a0ecf4c54df84cbc8aeab23a45a9
SSDEEP

96:eNPv96oz5b8HuhT8UjMRolgA6Mv9hlm1zLFdeXQ:eJyHs7UolgBcb8deg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
492bae2cfc87d8439ec34f91304244ff

Files

492bae2cfc87d8439ec34f91304244ff
.sys windows:5 windows x86 arch:x86

0a34802f7cf163f3eba22e06480a39a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

rand
wcscpy
wcscat
KeQueryTimeIncrement
KeDelayExecutionThread
_allmul
ExFreePoolWithTag
ExAllocatePoolWithTag
PsCreateSystemThread
DbgPrint
IofCompleteRequest
IoCreateSymbolicLink
_itow
RtlInitUnicodeString
IoFreeMdl
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
wcslen
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
_strnicmp
IoGetCurrentProcess
ZwCreateFile
ZwWriteFile
ZwClose
_except_handler3
IoCreateDevice
KeTickCount

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 762B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ