733a6973d2be89e51cc368d267e0fef2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

733a6973d2be89e51cc368d267e0fef2
Size

16KB
MD5

733a6973d2be89e51cc368d267e0fef2
SHA1

4e15d70c4ebcd8e89a21a8684c389f15378e9484
SHA256

c6dfb3b8b7ddf9d198b212711960e6751fffa2287ff70747dbf26ee766cd5eaa
SHA512

3184d4b854505699b84b16245d6ed45fd1f64916b2483b1796cfac264c8902aa5eb274dafff2da667e4336935353491a872375340ac61557d09ea20f9709215f
SSDEEP

384:BFzLiL3YI5815DYjvcdN5goDJeRJE8zN1vde:BV15Dn5gIiSmN6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
733a6973d2be89e51cc368d267e0fef2

Files

733a6973d2be89e51cc368d267e0fef2
.sys windows:5 windows x86 arch:x86

13842a1078af2668d6a845208b1aa31d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
PsTerminateSystemThread
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ