c350a56aebb367c9226f286028920272 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c350a56aebb367c9226f286028920272
Size

3KB
MD5

c350a56aebb367c9226f286028920272
SHA1

2cdbe789774edf03f40f1b1e2595a949a5355f14
SHA256

ce8f7c38c57aa213e60245a50d79ada9ae53c62357cbc68c4b0fef3e458cceb2
SHA512

2ec18c2263ce4353e6dd12c7a33abdeaee0c2826d93098deadc148415beb412b2f98c235b19283be60885d2facee38155eef0f47ee9a9a33ea5375dbda972da9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c350a56aebb367c9226f286028920272

Files

c350a56aebb367c9226f286028920272
.sys windows:5 windows x86 arch:x86

015723de583d41276af2878d5dbddd30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
PsLookupProcessByProcessId
RtlInitUnicodeString
PsTerminateSystemThread
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 370B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ