Static task
static1
General
Target: 9bb9a2e4bead99b6dc67f6c860318973
Size: 27KB
MD5: 9bb9a2e4bead99b6dc67f6c860318973
SHA1: a51972c6a8e86b9e35c134736806f683e8b530ce
SHA256: 70d5614968e3f825f5a9e4f51d820b2960cebb1558cc05490a56504b67d9427b
SHA512: 5cb1ec757f13d6a6e4298bf40dadf584a545a5b09b7ee050bed1305af426291de69da3f326224ffa51e06d77bf8b7e0bdc22ce19d7dbfde0d28e73906c1f84ed
SSDEEP: 768:6LBm8VOBf8NUZ8WXShBWywJ6Uwuft6oSxqUFH:q+f8NmkBWy4AKt6oSwEH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9bb9a2e4bead99b6dc67f6c860318973
Files
9bb9a2e4bead99b6dc67f6c860318973.sys windows:4 windows x86 arch:x86
7157d656406fde3672ac15f385fd8123
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
wcslen
swprintf
RtlInitUnicodeString
_except_handler3
RtlAnsiStringToUnicodeString
wcscat
IofCompleteRequest
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
RtlCopyUnicodeString
MmGetSystemRoutineAddress
_wcsnicmp
wcscpy
ExFreePool
ExAllocatePoolWithTag
strncpy
_stricmp
RtlCompareUnicodeString
_snprintf
ZwQuerySystemInformation
_strnicmp
ObfDereferenceObject
ObQueryNameString
ZwUnmapViewOfSection
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ