550951477046f690af7c584155e905e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

550951477046f690af7c584155e905e2
Size

10KB
MD5

550951477046f690af7c584155e905e2
SHA1

462cae163e69caf1a22111a67c626bf36257d5bd
SHA256

27d0eb37f70ca665f7a64cd817eccde18dd4a70a4c526060662d520d658d1800
SHA512

60e80d0df9ca7bb0062d0e1be8b18bca874bbac68ba46772f61d6d578e6e8b5f8c66b83976b6262877ce8f41ccd3f0fe1a44e9f5b2e0bc31c2af196f4ddfae6f
SSDEEP

96:oiTaon0D74xa/5+VW9MbD5fyOVGqQvNuspLXfoqFu:RaoZxw5+VW9+59gBwqFu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
550951477046f690af7c584155e905e2

Files

550951477046f690af7c584155e905e2
.sys windows:5 windows x86 arch:x86

ee708decca95f815d6ce34421d1a3e2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeMdl
MmUnmapLockedPages
ZwMapViewOfSection
PsGetVersion
_stricmp
IoGetCurrentProcess
tolower
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
ObfDereferenceObject
ZwAllocateVirtualMemory
RtlInitUnicodeString
ObReferenceObjectByHandle
MmSectionObjectType
ZwPulseEvent
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
_except_handler3

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ