54a835636c100345d18ab41261c17f58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54a835636c100345d18ab41261c17f58
Size

16KB
MD5

54a835636c100345d18ab41261c17f58
SHA1

2d448cb3f390a7dd8a1cf2da3bb33d551100dc40
SHA256

bdbbbad9dab5e93c26d4190b347d5567b38390cec647ce2c45e00f718eb85b0f
SHA512

2e207c911766ab0cfb59e88138aab433148206fd5d6252bdbf4919032f37d81c01dfccea542573e106e9aee11f807f03a36b48fe76fcabf7e18c7660b1858da3
SSDEEP

96:bBOx4a/CkS+wDO657zD3AjvtGDxzgE0zJco2oEPrrO3Kv3C5zGWVHCZbbvvhTYsi:0r9S+dG3Y2xsT5MdgUQOccllW35kk9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54a835636c100345d18ab41261c17f58

Files

54a835636c100345d18ab41261c17f58
.sys windows:5 windows x86 arch:x86

cfd699d0ba646297b082df8082549e2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
PsTerminateSystemThread
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ