a387446b01b88cef424e5fbb0cad0bb0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a387446b01b88cef424e5fbb0cad0bb0
Size

832KB
MD5

a387446b01b88cef424e5fbb0cad0bb0
SHA1

e9fc6bfb9d66e1a27f6d7cdae9f9e369a4e48bca
SHA256

62d52097c7178eae98d3fed271cbc9ecbd0c5248a35a6618e2142eef354b8401
SHA512

1f170af0ab2cd2819628a1079deef7f551be75273fbc7543a412c268c7e7e20710ea5b762769094c90b7617aa8a1b517b6d58d841cd2790d44380e1e86096875
SSDEEP

24576:/7gqURFGodTzu339DXkL2pqqgE7BRICa2rM3QcUrt2oRK:kqURFGodv03JX62pqLE7BRDrWQcUrM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a387446b01b88cef424e5fbb0cad0bb0

Files

a387446b01b88cef424e5fbb0cad0bb0
.sys windows:4 windows x86 arch:x86

180974f67b163680f202b87f3ae6d2a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwReadFile
ExAllocatePoolWithTag
ZwClose
ZwQueryInformationFile
ZwCreateFile
ExFreePool
ExFreePoolWithTag
memcpy
strcat
RtlFreeUnicodeString
ZwQuerySystemInformation
DbgPrint
KeServiceDescriptorTable
strcpy
InterlockedExchange

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ