97e566178292b616b251855b675cd698 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97e566178292b616b251855b675cd698
Size

132KB
MD5

97e566178292b616b251855b675cd698
SHA1

3ded1888d1eae955d7216f026ed3e69872615436
SHA256

c618f2512ba59eb9a39bcc9e150305aefd95b40500d78216a6829f0653f85488
SHA512

84334adcb6f5222b14db38c0ca41a5e7fa92a604010e00b74a174cc0e02da006b52b6b7adc196c857bdd0af5f32449d47e959c05614610930daf27d0392f9ec1
SSDEEP

3072:USKZ81r0p72fAHuj2iImHHhb3RJa+hXX4P9SR1h3D8U:dk72fAOjfVTa7P9SR3wU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97e566178292b616b251855b675cd698

Files

97e566178292b616b251855b675cd698
.dll windows:1 windows x86 arch:x86

d592cc76b503788b2edff084a5344a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
ZwQuerySystemInformation
ObReferenceObjectByHandle
IoGetCurrentProcess
NtGlobalFlag
DbgPrint
_except_handler3
atol
CcFastReadWait
ZwFlushVirtualMemory
ExFreePoolWithTag
KeQueryTimeIncrement
KeTickCount
MmCreateMdl
KeBugCheckEx
RtlAnsiCharToUnicodeChar
wcsncpy
strstr
strncpy
IoCheckFunctionAccess
CcUnpinDataForThread
ObfReferenceObject
strncmp
FsRtlPostStackOverflow

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 640B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 768B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE