Static task
static1
General
Target: 52d2a146dce1b355f3bf019b3dbb092f
Size: 25KB
MD5: 52d2a146dce1b355f3bf019b3dbb092f
SHA1: 02a1cb50e17ee0406094a94a7c5cbd523a8045ae
SHA256: f08ffd275f60085002e984b4e92ef745117613cf53553717c11d539abf29d636
SHA512: 58e4b96fe173f1ec9b60bda948b40f22e161db6fa7e8fd799c594dcb9046f20c7dbf0f35484004cd210a280e782a909af8033107419f56be0867992bddb60f00
SSDEEP: 384:WYFEhCe45EjfuLuC+6vd/n8YgoEBkgR1/PMSAyCeJzAcEH9EJbQBVE+qhPs:1FEhCeFjmLuFKJ8QC3OWZKcdvk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 52d2a146dce1b355f3bf019b3dbb092f
Files
52d2a146dce1b355f3bf019b3dbb092f.sys windows:4 windows x86 arch:x86
14bfeec4f06a8c826a524f0c688fa4b4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
RtlInitUnicodeString
_wcsnicmp
wcslen
strncmp
RtlAnsiStringToUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
_strnicmp
swprintf
strncpy
ZwClose
ZwQueryValueKey
ZwOpenKey
wcscpy
_except_handler3
RtlCompareUnicodeString
ExGetPreviousMode
IofCompleteRequest
RtlCopyUnicodeString
MmGetSystemRoutineAddress
_stricmp
ObfDereferenceObject
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 920B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ