ad1d384dfa68dd54bd1f9c29c7d2bcc2 | Triage

Sharing

General

Target

ad1d384dfa68dd54bd1f9c29c7d2bcc2
Size

17KB
MD5

ad1d384dfa68dd54bd1f9c29c7d2bcc2
SHA1

8166232c2f42c55b1b330f572da6324b6625e7e5
SHA256

c20dbad0d87cc8b2ce7ecc48a5ee82695523fc75e0907bb3249dd53363aa5ca6
SHA512

2a92e30c286934502fae7a721c270c25e838af178e2014371d67103c808f0bee682a9d8a969238781b4a2324a51c08b12a4059f7bf6c86217ba76228c0e7878e
SSDEEP

384:U6lDyZcur19E0sHVhRJR9NPldZqYSUnuA+SgsU2g9a:UtZcur1PyVhbNPldZ8Unt2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad1d384dfa68dd54bd1f9c29c7d2bcc2

Files

ad1d384dfa68dd54bd1f9c29c7d2bcc2
.sys windows:4 windows x86 arch:x86

bfe88d380c42e7e3aafdb0c9e486a3b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
isprint
RtlInitUnicodeString
wcscat
wcscpy
atol
PsSetCreateProcessNotifyRoutine
toupper
islower
IoDeleteDevice
IoCreateSymbolicLink
isupper
srand
IoCreateDevice
PsGetVersion
isxdigit
strchr
isdigit
strrchr
atoi
strstr
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
isspace
tolower
_wcslwr
wcsncpy
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
ZwUnmapViewOfSection

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 864B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ