Static task
static1
General
Target
5af1a86a98002e7b0a30286d107a9b9a
Size
28KB
MD5
5af1a86a98002e7b0a30286d107a9b9a
SHA1
55fe2546eb73f2223e78198d5782a0839a32d511
SHA256
e08d1d665a1459043813e7edf9de5c7ca6d01699cf01eb195ce0112270a1b1e0
SHA512
15c5b8b8a9f790c8bf17fd91758fa2ca6b1e18132316d28e22d715f283ce08f4eb285bb22fb19a19233db67b3a54ae0ff4d21eaec12693f96917c7b0395cb7e1
SSDEEP
768:V4vIG4ClIm2U1dYyBCRUlHp/tSvqs39CkqNjB/tKKh6LHLJUv:uvIbJU/1BCqlHThkclB/t0JUv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5af1a86a98002e7b0a30286d107a9b9a
Files
5af1a86a98002e7b0a30286d107a9b9a.sys windows:4 windows x86 arch:x86
420a84bd41632989e8764f6cc3e749bb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
swprintf
wcscat
wcscpy
RtlCopyUnicodeString
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
strncpy
_strnicmp
_wcsnicmp
_stricmp
MmGetSystemRoutineAddress
strncmp
ObfDereferenceObject
ZwClose
ZwOpenKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 812B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ