Static task
static1
General
Target
6647dd977b3f076cbe76d9289a0559be
Size
27KB
MD5
6647dd977b3f076cbe76d9289a0559be
SHA1
dd3925156a7fca989f4f123a23157eb0f645be1f
SHA256
75e3f7be81e9d49c13ff43b987207094f9d8b114048eaf6d54302ea30d89c250
SHA512
fec246a867b3d02c8ae5a9fc96bfa0f482ed8d363058bb10d0208e3f85a6e3815a85ad500d0b5d98ee4da0b5150785824d7d94fda6d33eec0d8e4b1fdfeab37b
SSDEEP
768:p5YMYz5hkDZTDpC5C637BLH+nAUIy1Nm:pbYzrkxgY2NH+nAZy1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6647dd977b3f076cbe76d9289a0559be
Files
6647dd977b3f076cbe76d9289a0559be.sys windows:4 windows x86 arch:x86
fb0ba78ec632800969f59e5236bc8fe7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
wcscat
wcscpy
_stricmp
strncpy
ZwClose
RtlInitUnicodeString
wcslen
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
IoGetCurrentProcess
MmIsAddressValid
_wcsnicmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlCompareUnicodeString
ExGetPreviousMode
RtlCopyUnicodeString
_strnicmp
ZwUnmapViewOfSection
_except_handler3
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
strncmp
ObfDereferenceObject
ObQueryNameString
IofCompleteRequest
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ