96e592848503fd1480a9f988c8f90aa7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96e592848503fd1480a9f988c8f90aa7
Size

8KB
MD5

96e592848503fd1480a9f988c8f90aa7
SHA1

7d4c67d1e7a4f9ddac30c4d3ae9ac5d4743833a7
SHA256

c01c734af221d4ede612f8166c2ae65446daa4e7e50323a89628e47c941bc0ec
SHA512

2032280b134d725a121fbb66f51d303654a94a712b2e0eb9d8bc66c3aeb7a9b78a817465f8605cac9843066e5d91349d3c245bd688edbd2a5c9f75bebc38964c
SSDEEP

192:zsnQIU2xafSSFSSXsx2bacsvbWsRvZbYmY8qQRDlAn9P27Qr:gngtg4a/vb5Rv2P2+9O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96e592848503fd1480a9f988c8f90aa7

Files

96e592848503fd1480a9f988c8f90aa7
.sys windows:4 windows x86 arch:x86

de5df3284dd2c300b79e8be3f9b0365d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisGetCurrentSystemTime
NdisRegisterProtocol

ntoskrnl.exe

IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
MmIsAddressValid
IoGetCurrentProcess
PsLookupProcessByProcessId
ObDereferenceObject
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IoCreateFile
IofCallDriver

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 656B - Virtual size: 646B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ