Static task
static1
General
Target: 786765e532cdb46b9beb38b155c12915
Size: 27KB
MD5: 786765e532cdb46b9beb38b155c12915
SHA1: 3fb0ded91fdb523f04a6462551db59b440368399
SHA256: 75178aca8dc1fca9a4c53a4652071b541a357bcab3246aad16afe65c89ca6f54
SHA512: e0e6c2e8c2cfbbf3b3fa326a89c06be606f12a2158f00e82fd81889098208acded9a1e5892abd6a4f767b416abc25df23a9ed44628bff63fddb00836b696b68c
SSDEEP: 768:iLF/Bj8x+sUR2xejyzydwok+sjlJI4RG:imFURRyGqi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 786765e532cdb46b9beb38b155c12915
Files
786765e532cdb46b9beb38b155c12915.sys windows:4 windows x86 arch:x86
216f89f65528df32cd749930fc0e31c0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlCopyUnicodeString
MmIsAddressValid
ZwClose
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
IofCompleteRequest
wcscpy
wcscat
strncpy
IoGetCurrentProcess
swprintf
strncmp
wcslen
_except_handler3
RtlCompareUnicodeString
ObfDereferenceObject
ObQueryNameString
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_strnicmp
_stricmp
_wcsnicmp
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ