Static task
static1
General
Target: 54d901bf887654fc8c5b4d32889b36b5
Size: 27KB
MD5: 54d901bf887654fc8c5b4d32889b36b5
SHA1: d93f667f2cc61020f627e71ea476de7cba248117
SHA256: cffe4b81e0726cedb819779d5554f5659a174682618ddca2548e70ed552f46a8
SHA512: 1416345286e01d244bdbfb72d27ba518e7c16b8a5263a839c37b30524125713be8e85ce678df498d68ce5e9b860669a411afb898d044101b80b07f3674e86ad3
SSDEEP: 768:LAtN+sMdQc5yL9QGmBVwAhAbQK/CFVceHiGy0X5TVk:LYSdDyL3GwAhAbPIPiGTV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 54d901bf887654fc8c5b4d32889b36b5
Files
54d901bf887654fc8c5b4d32889b36b5.sys windows:4 windows x86 arch:x86
006c6b73b96fa67e40cd05db241cd336
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcsnicmp
wcslen
RtlInitUnicodeString
_strnicmp
swprintf
wcscat
wcscpy
_stricmp
strncpy
ObfDereferenceObject
RtlCopyUnicodeString
strncmp
ZwClose
ZwOpenKey
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 768B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ