c12781f8787eec4d93eb36a0cf889ae1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c12781f8787eec4d93eb36a0cf889ae1
Size

6KB
MD5

c12781f8787eec4d93eb36a0cf889ae1
SHA1

7c5fa0ada205ca5a3b0834f7f1836a308683fafa
SHA256

61c06856567e2f3bd46f22738513f976c594ae5688cae860f9410959bfd2d9bf
SHA512

42d29319b917ddcf4fa709be4d243558dc63dcf17b3b1bfbb556e23a194d7c60ecb16217cf0d78b4ff652ddda5a5034f96f6f18cb15de50002fce9aa254cfd3b
SSDEEP

96:ZkPbqf+t1F6yPvAwaG4P7o901rMMMWbQxKEw+2+lksYaT17NN:ZkPuYjO1WYTJs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c12781f8787eec4d93eb36a0cf889ae1

Files

c12781f8787eec4d93eb36a0cf889ae1
.exe windows:5 windows x86 arch:x86

64c920d0d8eecd3df079bb1c111e2e7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xxx0
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ