51e457bb2c5d08b2a514ee7abfb9ade7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

51e457bb2c5d08b2a514ee7abfb9ade7
Size

44KB
MD5

51e457bb2c5d08b2a514ee7abfb9ade7
SHA1

a2611d7d5fb1b3e7aa10b2cc9e4c8fc37427ffc9
SHA256

f44be1c94908fdd4a6f98393f307e2e94000b973b18eccea9babcc961bc2adb3
SHA512

c1c4a3dbda533722508b9dad94b48841bb8525d4e454cdfc51357422e730e7fc05adb80dd98a583a713d5b58f982192a1c1ee475524420b3370b0636b0a7843b
SSDEEP

384:nWlfoA9SFA9h9amDNSpz0P3sYGRw60OkCLPgnC6kOWfb2:WZo/s0mDkpQPcbRj0KYnCMi2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51e457bb2c5d08b2a514ee7abfb9ade7

Files

51e457bb2c5d08b2a514ee7abfb9ade7
.sys windows:4 windows x86 arch:x86

147cc25575f8c67b9fc15aa596829797

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
swprintf
RtlInitUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
wcscat
wcscpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
wcslen
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
_wcsnicmp
MmIsAddressValid
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsGetVersion
_wcslwr
wcsncpy

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 704B - Virtual size: 698B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ