e:\source\kerneldrv\apps\driver\objfre_wxp_x86\i386\lanmandrv.pdb
Static task
static1
General
Target: ab07d07ba9824ee2d1fdceafcc81e5e1
Size: 7KB
MD5: ab07d07ba9824ee2d1fdceafcc81e5e1
SHA1: 10ec2b20c0b74cc5811a5e10a068103aac33e80f
SHA256: f481e60e349450633d3b034816c6e31010b2c68fe3328ed9f158dd4c573f9d47
SHA512: 61f0b6e7f65e1a5c5f1bd23a25fa490f832cb0272320524509197dc2c52555b38122f96f6ff59e221498efcba2d5f8ac777e14db6d3e7d23f9545b77617bd1ad
SSDEEP: 96:LcsRus7DP4+RFPLKuS5WPRURPvXC90rwjDd1oy2xwRcQODPiGw6pP:LYsfg+Po5qqPqer0d1zgUfyPi+P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ab07d07ba9824ee2d1fdceafcc81e5e1
Files
ab07d07ba9824ee2d1fdceafcc81e5e1.sys windows:6 windows x86 arch:x86
fa0027ce2ee47c980af7b6d705469249
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
MmGetSystemRoutineAddress
IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
memset
memcpy
ZwOpenKey
KeTickCount
KeBugCheckEx
RtlUnwind
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 438B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ