Static task
static1
General
Target: 7d4ca6039da0c03555007ed32416141f
Size: 83KB
MD5: 7d4ca6039da0c03555007ed32416141f
SHA1: 3edad0ffa64651922c2da34ae50aa372fab1f9c0
SHA256: eb459e4aafca2b4e7e2f0cc888e1ba333f11f298dadd02448091bd5b1cc781e2
SHA512: c30ac7509d66b3fceda558bb5fb11e92d0440aab9cab2c380d4acdcdf06aa3ee1bbb2a37e93710bfde50b5a0317734d488a0efee012a611b6a703a32db1aff70
SSDEEP: 768:ZXAxKEtHd9gWmLNEWFqO2Wrgis8uQiim8/figljkfZ7OrDvqj5EsVAZAumzOp3nL:1NE5d94C2Jrg3eNUgCNyKW3nwO3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7d4ca6039da0c03555007ed32416141f
Files
7d4ca6039da0c03555007ed32416141f.sys windows:5 windows x86 arch:x86
aa7f03d6be483ccb0e111f4201dbf476
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
memcpy
KeWaitForSingleObject
ExFreePoolWithTag
IoFreeIrp
KeInitializeEvent
IoAllocateIrp
IoAllocateMdl
IoDeleteDevice
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 240B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 158B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ