Static task
static1
General
Target: 5746c035e5b0f7a02c89183ada3eaa49
Size: 81KB
MD5: 5746c035e5b0f7a02c89183ada3eaa49
SHA1: 388da802066395e86ea7016bc686952dcc32db95
SHA256: dbbfe6d1dffd684f8d16c5894665fad8a74300e33397232a81036eaa241ddd35
SHA512: 0b8ce5558e614fd1396d2e10686af997e27b194be2b7a1de4ddac4b7e50410e57945bf73523af1a3f94be74304f60ed60e15729066f8ee46cda4de19d2c562c5
SSDEEP: 1536:u8WXA8651okehIrVDkggv1/Yxk5DK+1v6IujxdTZIwAwb9u7KpcaLTUfYQ:lWXA86nJCd/j6tAI9x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5746c035e5b0f7a02c89183ada3eaa49
Files
5746c035e5b0f7a02c89183ada3eaa49.sys windows:5 windows x86 arch:x86
609283c7db9ec2b164e26fc9773199e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
hal
HalHandleNMI
HalTranslateBusAddress
HalClearSoftwareInterrupt
KfReleaseSpinLock
READ_PORT_BUFFER_UCHAR
ntoskrnl.exe
ZwOpenEvent
isprint
ZwCreateFile
tdi.sys
TdiInitialize
TdiRegisterProvider
TdiRegisterNetAddress
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 674B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ