Static task
static1
General
Target
5574a51ed51c0ff956c2233e032fbb99
Size
27KB
MD5
5574a51ed51c0ff956c2233e032fbb99
SHA1
0d2cddb6a0d827a8b14279f6a5f299f9f04005e3
SHA256
c558980a6518dde0b0f02497e63edb2a64cd5165d9b87d420c99615d605fb290
SHA512
41f2c3a8b4e41784060212b2889fe5d774c120b8d7d2b3c2ff28d5c3796350523f442e3372c6927f69c555098b5cfcbf3c608ad67d03769196ba431cd0db8529
SSDEEP
768:LLLF/Bj8x+sUR2xejyzydwok+sjlJI4RG:fmFURRyGqi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5574a51ed51c0ff956c2233e032fbb99
Files
5574a51ed51c0ff956c2233e032fbb99.sys windows:4 windows x86 arch:x86
216f89f65528df32cd749930fc0e31c0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlCopyUnicodeString
MmIsAddressValid
ZwClose
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
IofCompleteRequest
wcscpy
wcscat
strncpy
IoGetCurrentProcess
swprintf
strncmp
wcslen
_except_handler3
RtlCompareUnicodeString
ObfDereferenceObject
ObQueryNameString
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_strnicmp
_stricmp
_wcsnicmp
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ