7d5132cb52dfc9cb19dcd3cf7fbc450a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d5132cb52dfc9cb19dcd3cf7fbc450a
Size

2KB
MD5

7d5132cb52dfc9cb19dcd3cf7fbc450a
SHA1

3f0a5fdad0d0b0fbf3240259d8b955dd1f34ff90
SHA256

e74ae8cc6e49aef373cf71c7f3d997bc60bec93f42be0b886f90f23c4decc2a3
SHA512

a982a3b5e0c635d6cf498b109f181443c6eb2a7cf3f5407f0e0c002474a855269782511a89c55d3fb2caa6c4170a731ebd4ddd0e3c9b58a2456f0798e6349edb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d5132cb52dfc9cb19dcd3cf7fbc450a

Files

7d5132cb52dfc9cb19dcd3cf7fbc450a
.sys windows:5 windows x86 arch:x86

607e7d6966028cd672b60ae30749e9cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\sys\RSTAST\objchk\i386\ressdX.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
DbgPrint
sprintf
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ