a985bc00c1c976a8f58cb8ad135aa8b7 | Triage

Sharing

General

Target

a985bc00c1c976a8f58cb8ad135aa8b7
Size

47KB
MD5

a985bc00c1c976a8f58cb8ad135aa8b7
SHA1

87126fdbbf0c09debd19c4efb4109f7dcc332000
SHA256

1b6f45523c9cf16d04d94ffa374e51530d10de8198036000a7deb1ace19fa78b
SHA512

15f5b0d2180e567de1491eb3bd3d2161f40f4d8eee442040c1d4007d17735294d9b870a4749862bcb87db7e34cda453886ba796b8910d2cd63caef376c4d2269
SSDEEP

768:ogpfY6PJP/b11I2xOynKnIwj44UjtlCmNFB5fLvIKPoOLZt5ZJT9wFHfSMIWfhSn:oUfYGJP/bLI2gyn0IwjTUjbCYFB5fLvu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a985bc00c1c976a8f58cb8ad135aa8b7

Files

a985bc00c1c976a8f58cb8ad135aa8b7
.sys windows:4 windows x86 arch:x86

e75001a54edac42acbc37c0c00dfdf9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
_wcslwr
wcsncpy
ZwClose
swprintf
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
wcslen
RtlInitUnicodeString
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
MmIsAddressValid
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ