7ae7b67607ad53d0092a00e7d469c7f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ae7b67607ad53d0092a00e7d469c7f8
Size

45KB
MD5

7ae7b67607ad53d0092a00e7d469c7f8
SHA1

aa2ba6b341612f95add24b25714af136e10430ea
SHA256

e60effd756d4f2a1cb630c19b78671f0a0eec8b57bc4d17792ab7225a4ed5314
SHA512

f8b1e528a2127bdd66b9af3c88764849253bbc258394a6c9319759f0ad927f3bbf3568535fe0614125be558809826f21c3efbe493f3b32eabdac6e0c6c43c092
SSDEEP

768:HTn+DLUhmUnP/+O4EO9fft/76eiwEgZvwm4xKcxHrB+6fXnxiND0DFXHLfRRQz:HjuSEMZnq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ae7b67607ad53d0092a00e7d469c7f8

Files

7ae7b67607ad53d0092a00e7d469c7f8
.sys windows:4 windows x86 arch:x86

bedadcc19fe937b0049e2284e2538a60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
RtlInitUnicodeString
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
ZwCreateKey
swprintf

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 704B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ