Static task
static1
General
Target: 4e79bdb1c802b70cf8b9b2f89f4f1097
Size: 3KB
MD5: 4e79bdb1c802b70cf8b9b2f89f4f1097
SHA1: 9525a85de74c5fa44eab7e6dfa70fd97a5f9526d
SHA256: 504cb80d03a12178c1a9c7c144cd6ae76862bc0003508c0a78c900304a5e6505
SHA512: d20ea478855dd9cd5456711778df89f65c8ff7c9daa571529ad73d84300b6542c9a68f04cd3381a6eea04407f2ad67746518f6345764c11301e1981cc49c13db
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e79bdb1c802b70cf8b9b2f89f4f1097
Files
4e79bdb1c802b70cf8b9b2f89f4f1097.sys windows:4 windows x86 arch:x86
3a040ab85b3cf69302b3c7715126b48a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_stricmp
strncmp
strlen
IoGetCurrentProcess
_except_handler3
ZwClose
ZwSetValueKey
ExFreePool
ZwCreateKey
RtlInitUnicodeString
wcscat
wcscpy
memset
ExAllocatePoolWithTag
_snwprintf
ZwEnumerateKey
ZwOpenKey
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 480B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 586B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 224B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ