Static task
static1
General
Target: 5710c24bc4b2e97cf090ed8287e1f4fa
Size: 24KB
MD5: 5710c24bc4b2e97cf090ed8287e1f4fa
SHA1: 619ab096491000e7ff0f5d875b43e18e613aaf1d
SHA256: 23a2aaf028f03834bc90acf7c4bce3c22e19073273b80045388e272969187226
SHA512: 5897857a14b93088bb7d2399afdef05acb69c0fcd622605e584bd2a606cf5484681d3ca53fa742ac0ce622b4fca02865ef1d1ff799d5530c5a3f1cbbc9443ecf
SSDEEP: 384:i1/VM00e/8H5XDPyYXcdy/mGSW5bsQFcsBsgGNCfIeekzE:ifMh8YDPzXcqmTQmWGNCAzg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5710c24bc4b2e97cf090ed8287e1f4fa
Files
5710c24bc4b2e97cf090ed8287e1f4fa.sys windows:4 windows x86 arch:x86
a71a8167618390f8973b5cd69d801403
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
_stricmp
strncpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
MmIsAddressValid
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
KeServiceDescriptorTable
PsGetVersion
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_wcsnicmp
_except_handler3
_strnicmp
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 752B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 992B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ