98ddd9337bd65d8b5023cc5e5812aa64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98ddd9337bd65d8b5023cc5e5812aa64
Size

132KB
MD5

98ddd9337bd65d8b5023cc5e5812aa64
SHA1

50324809b966de8d455b8ac666223057a600ac7c
SHA256

6393802b2142ef9385fb1e4abdc5eefdffcdc2c0b50ac46bbbd83f512d9ee9d6
SHA512

2ab4a16b29653d15501814e444da4a179cd084509aefc6de913bbf2c386cb0f326b10367d9e7566f4832c4ed343cff0a871fd446fbd6d0c9da9d8912e216a280
SSDEEP

1536:eV8vijwMT9C8Q2lUrxL01BNZv1U4LCwnh4VZiCNjJSkqYigvIvIO+W5PMgOGHJ43:+g8s01llCX0CrSkqIIgO+suGpP+mL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98ddd9337bd65d8b5023cc5e5812aa64

Files

98ddd9337bd65d8b5023cc5e5812aa64
.dll windows:1 windows x86 arch:x86

861c62f02ca25b9dc2a563e082853962

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

wcsncpy
IoGetCurrentProcess
KeBugCheckEx
ExAllocatePoolWithTag
ZwQuerySystemInformation
MmMapLockedPagesSpecifyCache
ObfReferenceObject
strncpy
_except_handler3
KeQueryTimeIncrement
RtlEmptyAtomTable
strncmp
WmiTraceMessageVa
PoUnregisterSystemState
RtlLargeIntegerNegate
RtlTimeToSecondsSince1980
IoStartTimer
KeTickCount
strstr
CcFastReadNotPossible
ExFreePoolWithTag
FsRtlLookupPerStreamContextInternal
DbgPrint
RtlAnsiCharToUnicodeChar
ObReferenceObjectByHandle

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 640B - Virtual size: 622B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 800B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE