Static task
static1
General
Target: 7777e8a0e924f3a21fb466953928562b
Size: 7KB
MD5: 7777e8a0e924f3a21fb466953928562b
SHA1: 32ee4e066553cd12ad09f76e7996bdf9adc98cfe
SHA256: fce6a2bcc6fe13de8b372167a38d5624988ceeca1e3e5b4412855645981058fd
SHA512: 1b954c1b527b382cf6649f4e2a84160513a13bdf399e68e87fe23e3caa9632a0e19b5ca92879720bbf7a64f2ccc06d447e3fc844f7f32b7d8cd7942c68679a9c
SSDEEP: 192:mfB0M0Ro5N7UHze6tADBbfTPK489ESDnOJV0Duldp:oB0M0Ro55UTeqwrQ9XDnOJVguld
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 7777e8a0e924f3a21fb466953928562b
Files
7777e8a0e924f3a21fb466953928562b.sys windows:4 windows x86 arch:x86
34dc5fca9c38e4b8407bbdfbcfcb5f31
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe:
  strncpy
  tolower
  MmIsAddressValid
  NtLockFile
  ZwCreateFile
  RtlInitUnicodeString
  KeServiceDescriptorTable
  MmGetSystemRoutineAddress
  ZwTerminateProcess
  ZwOpenProcess
  IoGetCurrentProcess
  memset
  PsSetLoadImageNotifyRoutine
  ZwAllocateVirtualMemory
  ObfDereferenceObject
  KeDetachProcess
  strcpy
  KeDelayExecutionThread
  KeAttachProcess
  memcpy
  RtlCompareMemory
  ZwClose
  ZwOpenEvent
  NtBuildNumber
  PsCreateSystemThread
  strlen
  wcsstr
hal:
  KfLowerIrql
  KeRaiseIrqlToDpcLevel
Sections
.text (Size: 5KB, Virtual size: 5KB)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data (Size: 128B, Virtual size: 112B)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT (Size: 736B, Virtual size: 730B)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc (Size: 416B, Virtual size: 412B)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ