972f45535566507dbfe42cc0e439bcba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

972f45535566507dbfe42cc0e439bcba
Size

123KB
MD5

972f45535566507dbfe42cc0e439bcba
SHA1

4a811435460d9889a64d1551eda8e246cb31ce72
SHA256

cac1fe3fddd9571c006e89e67091d9af68a412dcd23473a5ba92d311ba9d9f05
SHA512

0e03405d35c368388f4bf2acbcf20cd275f5f1076a3eb71378ada4ad34f93f1c66120d497533df47c45f207999fd614e43af5a84025b15ca466ce95a86774caa
SSDEEP

3072:iXVsfRFit9dASmTvxedbgowbcFh2bQ9QslLHlWd9M4jA:RDit9jmebgAFh2Gd1HlW5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
972f45535566507dbfe42cc0e439bcba

Files

972f45535566507dbfe42cc0e439bcba
.dll windows:1 windows x86 arch:x86

0eb2b3010921c2095c7268b592d4f43f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwQuerySystemInformation
_except_handler3
ExFreePoolWithTag
strncpy
RtlAnsiCharToUnicodeChar
FsRtlNotifyInitializeSync
KeBugCheckEx
KeQueryTimeIncrement
wcsspn
KeInitializeEvent
NlsLeadByteInfo
strncmp
strstr
ExAllocatePoolWithTag
MmFreeNonCachedMemory
KeTickCount
InbvNotifyDisplayOwnershipLost
DbgPrint

Sections

.data
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 672B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 576B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE