Static task
static1
General
Target: 7c243ec8994d50933b3615433e7e0337
Size: 29KB
MD5: 7c243ec8994d50933b3615433e7e0337
SHA1: f78c1f0181c2f8ff9e92d55ec53a8e1d8ceee000
SHA256: 8644d32b81e606f96075c407bd5f78d4ac5769ccbc40d9f15c28649c520dc529
SHA512: 4f21438ce11971f5cbaa6734a590bace8ccaea317a921f1b508c06029133d2ec3bc55b601bca00da2a0536ee1dc34ea66e04a4ddb1c6ead696313e94c3b97de1
SSDEEP: 768:ljPVLsTXwAorc4ItsvQrMgGN9Nij8wpx:5PVLsWc4IM79Iv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7c243ec8994d50933b3615433e7e0337
Files
7c243ec8994d50933b3615433e7e0337.sys windows:4 windows x86 arch:x86
2866354df5e09a0d669613038448034a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
strncmp
IoGetCurrentProcess
wcslen
RtlInitUnicodeString
wcscpy
wcscat
RtlCopyUnicodeString
_stricmp
IofCompleteRequest
MmIsAddressValid
strncpy
swprintf
_wcsnicmp
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_strnicmp
MmGetSystemRoutineAddress
ExFreePool
ExAllocatePoolWithTag
ZwUnmapViewOfSection
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_except_handler3
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ