Static task
static1
General
Target: 63eb04a723a38f8c332a934cbc6cc70c
Size: 27KB
MD5: 63eb04a723a38f8c332a934cbc6cc70c
SHA1: 7fae7a6cf3e14a5ad140107e3879dd4e453cb78c
SHA256: 44a7f9ab5a6cc7029892669519b24536552650af446fdd60317d0c9bdf2f27d2
SHA512: ba3e12616af7b248797259bb0f735d19611cf506bb146ddd4904a3da42e2a0064cedbb68ded3e1d9c02cef91cd52b8d767fde8193ddebd5d0aadfc05cfc401c2
SSDEEP: 384:gIg/lPf2reeP0/n9J6WZL5TZvS2yLt6LBmjk:PgdmRcP9/L5TZvRQ8V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 63eb04a723a38f8c332a934cbc6cc70c
Files
63eb04a723a38f8c332a934cbc6cc70c.sys windows:4 windows x86 arch:x86
784de2f123da342b2316813e01a4a1a0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
swprintf
wcscat
wcscpy
_stricmp
strncpy
strncmp
IoGetCurrentProcess
wcslen
RtlInitUnicodeString
MmIsAddressValid
ZwClose
MmGetSystemRoutineAddress
_wcsnicmp
ObfDereferenceObject
ObQueryNameString
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
RtlCompareUnicodeString
_except_handler3
IofCompleteRequest
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ