8ac1e580cf274b3ca98124580e790706 | Triage

Sharing

General

Target

8ac1e580cf274b3ca98124580e790706
Size

5KB
MD5

8ac1e580cf274b3ca98124580e790706
SHA1

e010f298c086c2e1d7265fd18aea2dfbaa9dcd35
SHA256

a6b140ec734c258c5ebf19c0bc0b414b5655adc00108a038b5be6a8f83d0bd03
SHA512

c031d9438e87a58a183edfe2226fb4073963c480a6909e0a3839897497ace65e3b2e4b5d7527d8ab05eacc6602700cca44eec42d310d90a18e2e6db55e96674d
SSDEEP

96:eYtNn0TXtPVSDHawANDfq4bV1f7fn/33dMg7D:eYD0TXNVCLANT/b7n9Mg/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ac1e580cf274b3ca98124580e790706

Files

8ac1e580cf274b3ca98124580e790706
.sys windows:5 windows x86 arch:x86

1f5d19fc6ff4381ea0389d897da2cc57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
PsTerminateSystemThread
ZwClose
NtBuildNumber
KeClearEvent
KeWaitForSingleObject
_except_handler3
KeCancelTimer
KeSetTimer
KeInitializeTimer
IofCompleteRequest
KeSetEvent
memcpy
ExAllocatePoolWithTag
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
DbgPrint
strlen
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ