Static task
static1
General
Target: 4a81971e9b673efadbda121ad1cf6190
Size: 12KB
MD5: 4a81971e9b673efadbda121ad1cf6190
SHA1: cf8223b65003aea67e64432fc1ac85d575ec85f0
SHA256: c3293f41fe7c42df448125f125fdc89c7d9c086372cb05330831004a33ef4523
SHA512: ba2da50e4f4ba60a8be6891a25ff818e9c788f6d055f94c0fc8bc8fe29cfd6ef33d0b1b3c05f4112a8aa13173ce118361fb482718e7a61b1f8c1f5a280096b52
SSDEEP: 192:9BMwUmT2xJR/FG3fNNkI8IpSLJZb4644a4Y+Fah4sYA+KU:9awUmYgfNNkpIk7b1jaj+FaWsb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4a81971e9b673efadbda121ad1cf6190
Files
4a81971e9b673efadbda121ad1cf6190.sys windows:4 windows x86 arch:x86
877556a274fdb9b6883e90ef317d2a8d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExInitializeNPagedLookasideList
KeInitializeMutex
ZwDeleteValueKey
ZwSetValueKey
ZwDeleteKey
KeServiceDescriptorTable
ZwCreateKey
strncmp
IoGetCurrentProcess
IofCompleteRequest
ExDeleteNPagedLookasideList
ExInterlockedPushEntrySList
DbgBreakPoint
RtlFreeAnsiString
strncat
RtlUnicodeStringToAnsiString
ObQueryNameString
ExFreePool
KeReleaseMutex
KeWaitForSingleObject
ExInterlockedPopEntrySList
ExAllocatePoolWithTag
_except_handler3
ObReferenceObjectByHandle
ExGetPreviousMode
ObfDereferenceObject
strstr
_strupr
DbgPrint
wcsstr
wcscmp
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 794B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 774B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ