4c8c53f797d4fa7852bd41d0d788baee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c8c53f797d4fa7852bd41d0d788baee
Size

18KB
MD5

4c8c53f797d4fa7852bd41d0d788baee
SHA1

162b1c8d771d9595312bb9fafceed1948760b6f2
SHA256

4ee6833eefe7602300bfc962659822f0e023c752d5100fc77d3aa8300d6f2c14
SHA512

c699dbe5e5de98df5b22f83b49944486412f1db4139f979849b666135a3818ff9661b23967f142b9d74dbe23f12e6b3911ace4fe07ffefb44d25e65610ad61db
SSDEEP

48:qnxhs/wyf3j1rAulGY6nY2tRQ0AayFj8o6KFGd4OFz8HZvqYSoDaYHXURy6EczRi:x4yfzhNoY6Y2tvA8QUSw8HzDawXUzPz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c8c53f797d4fa7852bd41d0d788baee

Files

4c8c53f797d4fa7852bd41d0d788baee
.sys windows:5 windows x86 arch:x86

9c54c1d673ff1d86c9efb52aa9ca55b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ZwCreateFile
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
IoGetCurrentProcess

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 928B - Virtual size: 913B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 96B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 288B - Virtual size: 258B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ