95cec2a40e901a304cbc9798d767a525 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95cec2a40e901a304cbc9798d767a525
Size

26KB
MD5

95cec2a40e901a304cbc9798d767a525
SHA1

0f13c77d08f498dc787416d44099e5fe0d532830
SHA256

d4ff6dee9b9d4181576cd34f4d6dcbe8392c517434df71c026ce9096de1f5e96
SHA512

1bcecd6a21b561842f65b7d928fdc73428de3fd52bbe8f7a596e040fb1861209954332bb0a6c47b7099a88ff74e9e3a6d9adf40b48cf6ee2b0c08b793c172f92
SSDEEP

384:PThhhCV0rr1HLBkwMk/kvN/bfFNrZlYhEpbXBYB1WRX:dhYV+hLqN5NzFRZlWAba8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95cec2a40e901a304cbc9798d767a525

Files

95cec2a40e901a304cbc9798d767a525
.dll windows:5 windows x86 arch:x86

06582792d92d8b36bbc385971a8ed09b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExAllocatePool
ZwQuerySystemInformation
RtlEqualUnicodeString
PsLookupProcessThreadByCid
KeInitializeApc
ObfReferenceObject
memcpy
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeInitializeTimer
KeInitializeDpc
KeSetTimer
ZwAllocateVirtualMemory
ExFreePoolWithTag
KeInsertQueueApc
ObfDereferenceObject

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ