I:\CPP\driver\fuse\fuse\DefendTrojan\objfre_w2k\i386\fuse.pdb
Static task
static1
General
Target: 80265de4e94263f64dd8cc7cb8dbda5c
Size: 11KB
MD5: 80265de4e94263f64dd8cc7cb8dbda5c
SHA1: b1f8edb9614769dd93d156cca1f4d548fd6659fe
SHA256: 0e8c28b769fe1c175ea8716057ad4117ea8ac6e939c2517140d05f1d0d6f94de
SHA512: 46090ddaf97c23225d4718782ef2089b9cc1be7827c27be2cab5a6b9e8d3db1e012bc65c5b0bf660b37b6f3dc03020f06ff3d61d1376f23702b363fd0fe3dcce
SSDEEP: 192:1HpffIfglaAnkCzY+gT0Ra10OI8Pdsil1EAAav4CWoiZYgtfCmHjv7ePJ:j3ImHS0k0DZkFNvNWo+tfPfe
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 80265de4e94263f64dd8cc7cb8dbda5c
Files
80265de4e94263f64dd8cc7cb8dbda5c.sys windows:5 windows x86 arch:x86
c793c8b4eb3b5f46e7d65ffeb7a1a3de
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
KeSetEvent
wcsncpy
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ExFreePool
IoFreeMdl
MmUnlockPages
PsSetCreateProcessNotifyRoutine
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeServiceDescriptorTable
ZwDeviceIoControlFile
KeInitializeEvent
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ