4f7e13d38b88aa762fa6d293821dc4fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f7e13d38b88aa762fa6d293821dc4fd
Size

14KB
MD5

4f7e13d38b88aa762fa6d293821dc4fd
SHA1

6ec0f4e7c96a0838adeb1f14c4c552a5ebc92ca2
SHA256

ca8dbb42c3acab2c8a8367a4136ee0b527303f329162f661de2c6a9f17eaacf7
SHA512

954935a5653fd9cf6981e2de5df7255ad6589e273d392729607f8a3cc496c40a9c241647bc902333e66536623826c08c49a27b55808a23773cd5287ed82a4974
SSDEEP

192:3yESSSSSSSSSqYy8HWdOYYMtvpGOL3YQR50Fjv8d6Sf3:37ZIWdOYYMKOL3Hr0Fjv8d6Sf3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f7e13d38b88aa762fa6d293821dc4fd

Files

4f7e13d38b88aa762fa6d293821dc4fd
.sys windows:4 windows x86 arch:x86

e4371a5d327539cb99ff4c2a435da37b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwReadFile
IoCreateDevice
IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
RtlInitUnicodeString
ZwQueryInformationFile
ZwOpenProcess
ZwDeleteFile
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 496B - Virtual size: 488B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ