51d7aa4ed0b823ffb3122e9790bd423f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

51d7aa4ed0b823ffb3122e9790bd423f
Size

16KB
MD5

51d7aa4ed0b823ffb3122e9790bd423f
SHA1

555bf40bef0d4d5d516221fad119a74c4a42d5ff
SHA256

dd473f39900eb993d5ea2f43ab8e96b75c568a2d7944b3331e46328d54be6159
SHA512

77cc91fd2c9ef91421a04e3a9a382d5aea2fb78164e26d08bd75fa9b3f790a43c08347c28d1241d9a88fb1f8f6c18ff8d0f9b2e8ac0b10d2dcb49ee9db66c630
SSDEEP

384:A8iG3Bf5ZQ7OEu88pUxDABEWcIjbaAzZKsAmFptvpJ9sOpUjj:ME88pmbWcWzZKih1sj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51d7aa4ed0b823ffb3122e9790bd423f

Files

51d7aa4ed0b823ffb3122e9790bd423f
.sys windows:5 windows x86 arch:x86

cfd699d0ba646297b082df8082549e2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
PsTerminateSystemThread
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ