b97015d51d45b16d16535f507aaa5e8e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b97015d51d45b16d16535f507aaa5e8e
Size

48KB
MD5

b97015d51d45b16d16535f507aaa5e8e
SHA1

d68b78f69683e820efb71788e546ac62b645b0cf
SHA256

10bee21adb55463d5ffaaf862d1d1add73b1fb2957b0b8158d9e294bd21514b4
SHA512

ec06c6e14e9e91b22466d5f6306c36be1be0fc245ee890cc11b18611c5db8a726441bedb3b4ff848f94d878b959dc14ca25e3bc85e6b17e518de3c22ea61c103
SSDEEP

768:jGHmct4JGpMJedYruWgT5p8Loa2rr7SEqrK9QLKnPkoiGNywFtFAQdilLgqUV:6x6MHGiqU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b97015d51d45b16d16535f507aaa5e8e

Files

b97015d51d45b16d16535f507aaa5e8e
.sys windows:4 windows x86 arch:x86

279e7a68173627a5fc8e6ce77c0c989b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
PsGetVersion
_wcslwr
wcsncpy
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwUnmapViewOfSection
swprintf
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateKey
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 160B - Virtual size: 139B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 832B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ