bb51c5b1bd0f08c45c9e7fc4e8ee089c | Triage

Sharing

General

Target

bb51c5b1bd0f08c45c9e7fc4e8ee089c
Size

49KB
MD5

bb51c5b1bd0f08c45c9e7fc4e8ee089c
SHA1

619f79c61fbe625bc68a44a64848206b1873e07e
SHA256

dedadc73817d713b5085169fc57eb56321fa15039d56af79e20736c0182d7028
SHA512

6f3c4d7ad8515d78ee18760c65f73f16c1276934bfd8c73303012cb8781d4a91baa0c78ec850eacdefc1cfd507e7933e29b5c605d25390306704a38c32245828
SSDEEP

768:HqobbpA5hmaTkzA3gyea3yfh8EJ6PHQYXtHvOvoJG1hhi9Cd:ze+aJsGZgoJoU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb51c5b1bd0f08c45c9e7fc4e8ee089c

Files

bb51c5b1bd0f08c45c9e7fc4e8ee089c
.sys windows:4 windows x86 arch:x86

7e484eb67e27e173bc9493745481c453

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
swprintf
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
ZwCreateKey

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ