57866f50bbc0eaae3fc59a7f99085cbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

57866f50bbc0eaae3fc59a7f99085cbc
Size

3KB
MD5

57866f50bbc0eaae3fc59a7f99085cbc
SHA1

ba2156c5ec1ab12a4b4ab8f40e623bb15d350cdc
SHA256

c236ab1281b9cd1acb06a0471591ac2357005d3b55dff892747216d51a494aba
SHA512

e67e6c9fecb5e1c6ef951d5cd0c7ab5da3830334b53516ff087a12c6561d0c3c3b408a84507d62038e5633fc9a1268a1697119632665bc7e0700cf3d4330eab4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57866f50bbc0eaae3fc59a7f99085cbc

Files

57866f50bbc0eaae3fc59a7f99085cbc
.sys windows:5 windows x86 arch:x86

2838991d8c7059d7512c7de70bf2db25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ZwTerminateProcess
ExFreePoolWithTag
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ExAllocatePoolWithTag
ObReferenceObjectByPointer
PsThreadType
PsLookupThreadByThreadId
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsGetVersion
_except_handler3

Sections

.text
Size: 896B - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 682B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ