Static task
static1
General
Target
4baf8e5863b6c38d353c0c52e3f4e8ea
Size
5KB
MD5
4baf8e5863b6c38d353c0c52e3f4e8ea
SHA1
90fff7c6fc533ef083f5081dc1309a63e28c1d97
SHA256
101af30241ded1544f4c488b2476a0715bb2c7b5d67003895081bcd65698e41d
SHA512
17bfac3ee5c05d2ed4f256266d772daac4712adfc20342d1e5ab11f066cb4dc6d679295850e61d08c647cb550278e6d1eb129ec7f90db66fbf1c2b9967c3fc2f
SSDEEP
96:p9XpCHaKg6oQLHEWd7u7rxUbMbHj/eUmN+b:vp+xLk8Crx+fI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4baf8e5863b6c38d353c0c52e3f4e8ea
Files
4baf8e5863b6c38d353c0c52e3f4e8ea.sys windows:4 windows x86 arch:x86
31d3a5218f32ac3d7392712dd1159a5b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
wcscpy
ExAllocatePoolWithTag
wcslen
ExFreePoolWithTag
KeGetCurrentThread
_wcsicmp
_strnicmp
strrchr
ZwQuerySystemInformation
ZwAllocateVirtualMemory
wcsrchr
wcsncpy
PsSetLoadImageNotifyRoutine
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 103B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 352B - Virtual size: 348B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 160B - Virtual size: 142B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ