4cf002206e4da505361e9516057c3128 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4cf002206e4da505361e9516057c3128
Size

47KB
MD5

4cf002206e4da505361e9516057c3128
SHA1

debf74f4c56f4c5e7d6c9cdc03d55122484da917
SHA256

913605959ed649fee06d89f18883f74bba9cc8f119e9a351e9c4622de7e2d3e0
SHA512

3aa1fdf88c0f2253e15873a05585a85b50c63e496378c05abda0175f200cc8fae1f07d2ace7ecec6bb159f8dab2ef6355a9ab52148007bf3f282c3aadd6a6411
SSDEEP

768:9yZLeAfWnoylZeUD+LeiG5313IubzBObK:9ZAaXFBs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cf002206e4da505361e9516057c3128

Files

4cf002206e4da505361e9516057c3128
.sys windows:4 windows x86 arch:x86

2fadf2e95777c2456066a1a5a0b7b032

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsSetCreateProcessNotifyRoutine
RtlInitUnicodeString
wcscat
wcscpy
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
ZwCreateFile
IoRegisterDriverReinitialization
PsGetVersion
_wcslwr
wcsncpy
MmGetSystemRoutineAddress
MmIsAddressValid
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ