Static task
static1
General
Target: ad551dc0019a21f44bb04d45378eed0b
Size: 27KB
MD5: ad551dc0019a21f44bb04d45378eed0b
SHA1: 1123fd035d4744d39520f6938445cdb3cdc5adf5
SHA256: 162895b3f34056884db0bc5e23eb65bb832b630c3157b4c4e2873fdabd8343f8
SHA512: cea07e3581ec0f16f4a6b9cc8c54346f2d5da9a77c14e844a2179e3e1dc173befba0b97af361692b88f5e89a858e4b1d26dd71e124c43c5d6e701ad88810a60c
SSDEEP: 384:N6rhu+9BCLPzR3d8rgegpsmHD6PLSb6/wg+R5Hz9Y8A2coU:MT9sLPzT+geZmHCe7g+RJRA2a
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad551dc0019a21f44bb04d45378eed0b
Files
ad551dc0019a21f44bb04d45378eed0b.sys windows:4 windows x86 arch:x86
6b0234faab527b2c9fcdbd5b8c92412a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcsnicmp
wcslen
RtlInitUnicodeString
RtlCopyUnicodeString
swprintf
wcscat
wcscpy
_stricmp
strncpy
IofCompleteRequest
ZwClose
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlCompareUnicodeString
_strnicmp
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmIsAddressValid
ObfDereferenceObject
ObQueryNameString
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
ZwUnmapViewOfSection
_except_handler3
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ