5af17af4cead4c92e49c0c2a874f9ffe | Triage

Sharing

General

Target

5af17af4cead4c92e49c0c2a874f9ffe
Size

23KB
MD5

5af17af4cead4c92e49c0c2a874f9ffe
SHA1

f70c04aef8699cda268b14904882b3ceb645084a
SHA256

b2ee62f3874a217d242976b3888a6175b1b7e80e31f1b50ba288c07a2f984452
SHA512

5099e7f4bc974a75b41a458532e945808b07c5f5da474fd4cdf8a8554fa3c654e31651d2252b3ebf493bbfbfc2166e3c619205d1cb1bd9602135e41447726385
SSDEEP

384:gjwSDeaQWmrWka6vO49L5I+1KOXspswvtOpyYmq+y:g7aI6v19FhgApMxHxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5af17af4cead4c92e49c0c2a874f9ffe

Files

5af17af4cead4c92e49c0c2a874f9ffe
.dll windows:4 windows x86 arch:x86

7293d592a24259a3750eecfe0457d08d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

_except_handler3
ZwClose
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey
ExFreePoolWithTag
memmove
wcsncat
wcscat
wcslen
wcscpy
ZwQueryDirectoryFile
ZwOpenFile
ZwCreateFile
KeServiceDescriptorTable
ZwQuerySystemInformation
ZwEnumerateKey
ZwCreateKey
ZwEnumerateValueKey
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
wcsncpy
wcsrchr
_wcsicmp
_wcsnicmp
strncmp
IoGetCurrentProcess

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ