4ec6c0a1c976be6e1c10bb94cb293cee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ec6c0a1c976be6e1c10bb94cb293cee
Size

40KB
MD5

4ec6c0a1c976be6e1c10bb94cb293cee
SHA1

18cf2fd40940c5e21466c60d00afcd08b5bc21d7
SHA256

43c4d1a11541927010e472fc53018b45667e12a898519c19ccfb4e9dee9c1b11
SHA512

d7eb7b8b1312f0406af6640da0e58080e65a750be2ca96f62268de2f67aa54a3f97515b077649c1abb867b8ce6574bb69402a3981e083584deccb6e9a0f10205
SSDEEP

768:rvdG78wLEg7TZEuq2O4HWDtW5nHvFe7kIAxzKLu9DD:rAW6muq2wtwPs7TwzKyR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ec6c0a1c976be6e1c10bb94cb293cee

Files

4ec6c0a1c976be6e1c10bb94cb293cee
.sys windows:4 windows x86 arch:x86

8eb0d950222ff4a8e95eca3e11f43721

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
wcsncmp
ZwQueryObject
ZwDuplicateObject
NtOpenProcess
PsGetCurrentProcessId
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
KeServiceDescriptorTable
RtlFreeUnicodeString
wcsstr
RtlQueryRegistryValues
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ