9b04bff1fb9cf4e4829316b7404e8299 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b04bff1fb9cf4e4829316b7404e8299
Size

50KB
MD5

9b04bff1fb9cf4e4829316b7404e8299
SHA1

e976329bbc9442107c5ef9f8b3ed1cde25ed3f82
SHA256

b6eb96b0f4fb3dca8712e68571bf42575e0e4afc76877717c2b63a005d834f59
SHA512

40971d6872bb40e809561a1019252edf36228acbd47493ef64e22bfd44820cc592271fba78b4b93a4776fb936a00834057dde1aca535af1ba9ca02f9085d739e
SSDEEP

1536:sIQPS/bT61htFfddQcIp6RdpTJXZnvMXX3m0B:gKDT23FfddQf6/pTFZnvMXX3m0B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b04bff1fb9cf4e4829316b7404e8299

Files

9b04bff1fb9cf4e4829316b7404e8299
.sys windows:4 windows x86 arch:x86

b0ad4d8a2b5076d791d402b6ac2f31c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
IoRegisterDriverReinitialization
ZwDeleteValueKey
KeDelayExecutionThread
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwEnumerateKey
_strnicmp
IofCompleteRequest
wcsncmp
towlower

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 224B - Virtual size: 218B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 960B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ