75f27d8fddcc53fd67587664701dc814 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75f27d8fddcc53fd67587664701dc814
Size

42KB
MD5

75f27d8fddcc53fd67587664701dc814
SHA1

c67630002d1776e4c85ddda6a91dc246a37f26cf
SHA256

e2c9510d3278b3b088a863df47bf3ad6964ea72a0622c7e626e3d21f705aaed8
SHA512

c8c9a4a4f09d30db7b90099e3c161e38b9df544d0e0f12d7c48db14bbc89234a201fc70c60ada16f45899fa2cf9ec8f4e0169a1b1291aaff42e98e5ce7d381a0
SSDEEP

768:TS9zhmFxbfd0mSTfc64CXGXYP1Z3a043zP20GSlGAL2oHFEi/pWGA20RGKW5IJNb:TSHmFx2mqfh4CGQ74S0NAcEi/Yxzwp5k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75f27d8fddcc53fd67587664701dc814

Files

75f27d8fddcc53fd67587664701dc814
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeAttachProcess@4
__KeDetachProcess@0
__KeStackAttachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ