4c9ea74b7ded9828f9ffd487f4d58f4c | Triage

Sharing

General

Target

4c9ea74b7ded9828f9ffd487f4d58f4c
Size

21KB
MD5

4c9ea74b7ded9828f9ffd487f4d58f4c
SHA1

47652a26ce098938337dd58d724906b2ec199645
SHA256

d00d0fa33a23e44959f7c97deac88e0fa3939642be3e73293603687f9dff0ce8
SHA512

afe18f15c3029849feeeb8a0ae47632975b2b86cda1bc065ccfa57256f686e35d9c508ff2273fc9662e0429317e4ca3d51f060892a9e2852439a37572f16c86e
SSDEEP

384:jBKVgoAdi9nG3upevIOpmr82YpkhayUG1n4HNm52gnWKvUSo:y1I3up4IOpmr9Ypkh7xn4HRoW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c9ea74b7ded9828f9ffd487f4d58f4c

Files

4c9ea74b7ded9828f9ffd487f4d58f4c
.sys windows:5 windows x86 arch:x86

80644f07bab2174859fbfd77c48f30aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitAnsiString
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlValidRelativeSecurityDescriptor
RtlIpv6AddressToStringA
ExAllocatePoolWithTag

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 247B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ