bbd9dc0f19e64f66c9bfc7a41a54a942 | Triage

Sharing

General

Target

bbd9dc0f19e64f66c9bfc7a41a54a942
Size

6KB
MD5

bbd9dc0f19e64f66c9bfc7a41a54a942
SHA1

337d1778d09078ac174f38603e4a39c0314fd19c
SHA256

c414247b379f40be1eaa8695b62493eba4b03e8ceefa9b0abb5469bdcc026c34
SHA512

9a9a9c486679803d33c940a29bc075598d43ad879bfb9bfcae104b43f585adda239935658784c7a5f783d4eff948865e224821e39433b4033582ddd12bf6cfa0
SSDEEP

96:p/pz4euD3GOnyRWOuAO8ARQprii1pGAp4H1u2E:MjIRW5r8AOo11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbd9dc0f19e64f66c9bfc7a41a54a942

Files

bbd9dc0f19e64f66c9bfc7a41a54a942
.dll windows:4 windows x86 arch:x86

934b866c48e2d9f3100f3940d5653a0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwCreateFile
RtlInitUnicodeString
ZwQueryInformationFile
memcpy
memset
ExAllocatePool
ZwMapViewOfSection
ZwClose
ZwCreateSection
_stricmp
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwUnmapViewOfSection
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strcat
strrchr
strcpy
ZwQuerySystemInformation
NtBuildNumber

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ