bed399d56b82369eb7fb95caad16de04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bed399d56b82369eb7fb95caad16de04
Size

3KB
MD5

bed399d56b82369eb7fb95caad16de04
SHA1

ab8bf9d1d1e20e10969ed264eb99bfd6b2426f3d
SHA256

4365da7c2bef9be2b57234554024a6d02ea43e906d823096ee710359f910d286
SHA512

a04619f66aaa50705057e84ac275fb76274a0cb72bb0d03b933e4f556d5459286fcd5f940d4309bd0c0f14ec8a7ed298d46e65ba00ec9f1e8341198ff9ed3657

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bed399d56b82369eb7fb95caad16de04

Files

bed399d56b82369eb7fb95caad16de04
.sys windows:4 windows x86 arch:x86

5f3420e9803def75ebaa9f4ebbf19d4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwAllocateVirtualMemory

Sections

.text
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 208B - Virtual size: 196B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 368B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ