731ca169276392ad860babb52e47241b | Triage

Sharing

General

Target

731ca169276392ad860babb52e47241b
Size

48KB
MD5

731ca169276392ad860babb52e47241b
SHA1

370f9f5ca79cd16475ca95decc05c0d63e591614
SHA256

064b755be16860ae6ffe4e737c59691fb99da0128d9ed15f04b091ad17c81f2a
SHA512

7fe2dece518c7b8d2ac3d2d8d6601c88ee643f21110ce52104bdd24b3d0e6a5b2dc800ffb4a7329f823bf4dd0e537926895ed9656f99a6b195cae1e6bcd0f51b
SSDEEP

1536:OEm58AHEdSX4XzxpFvuV82RdncLrkCPCgyvPFR:OEm58gU+4jfFvuO8dncLrkCQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
731ca169276392ad860babb52e47241b

Files

731ca169276392ad860babb52e47241b
.dll windows:1 windows x86 arch:x86

3b9c455d38038c3883ae6edf4b5a1e33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExAllocatePoolWithQuota
_stricmp
ObfReferenceObject
ExRaiseAccessViolation
IoAllocateWorkItem
NtOpenFile
IoDeleteDevice
IoFreeMdl
memset
KeInitializeEvent
KeInitializeQueue
ZwQuerySystemInformation
ExFreePool
ExRaiseException
memcpy
ExAllocatePool

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 401B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ