7e515d54516a231d26ac6848c9a9e9cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e515d54516a231d26ac6848c9a9e9cf
Size

4KB
MD5

7e515d54516a231d26ac6848c9a9e9cf
SHA1

a6338bfb090d19e5fc8a6c192be473abcf8fd333
SHA256

c1863b92f8a32e941cd6be000ade1a6116b4700bb4b4cb6d4406bd91fb5c85f9
SHA512

586111cd00d7f920f10c34cff2324ad7246c7c9b31115f2e14d59d4a4148242a99725bd4b106248bc8bc588ff03fbc8eb25dfc492ec56718e11dfaa6c00e6e38
SSDEEP

96:Oe4We4We4We4We4We4We4We4jLP+FOntFe4se4We4We4We4We4We4We4F2Tc2APo:bxHSaZ3i4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e515d54516a231d26ac6848c9a9e9cf

Files

7e515d54516a231d26ac6848c9a9e9cf
.sys windows:5 windows x86 arch:x86

42615073f25c95c400365d901edc0908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\w32root\src\driver\objfre_wxp_x86\i386\driver.pdb

Imports

ntoskrnl.exe

RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObQueryNameString
IofCompleteRequest
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwClose
ZwOpenProcess
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ