50469c6248153ae3751f3d5a5bc50514 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50469c6248153ae3751f3d5a5bc50514
Size

14KB
MD5

50469c6248153ae3751f3d5a5bc50514
SHA1

395abe8aaf8bac8f71e0898e151c33209a9b12fb
SHA256

e5ba75dcc2c99def9c9958d77c76079596f5f69867481b56275a5b2f36519209
SHA512

ff6ed8f64c2c6e5cced4d85b88d170948976264bbc162bce7008779bbde7cbec818d9efa68819dadd29eeafffcf712b460279f27657825d32d370127295b72cf
SSDEEP

192:De88HBolHv3sXl40qNWSYQUrwV+PbcIq:DpIyxv3s1OHF0bcIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50469c6248153ae3751f3d5a5bc50514

Files

50469c6248153ae3751f3d5a5bc50514
.sys windows:4 windows x86 arch:x86

9e2d17f9e72933015a1730a413492b0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryInformationFile
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwReadFile
RtlInitUnicodeString
ZwOpenProcess
ZwDeleteFile
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
NtLockFile

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ