Static task
static1
General
-
Target
c6fdb0c77489d6fc623810b01f171d19
-
Size
25KB
-
MD5
c6fdb0c77489d6fc623810b01f171d19
-
SHA1
de3afc7c6a3864520b5b8c9a7411286a970ab301
-
SHA256
f011d309f76011d5842ac8a24f772d60dfb2468880e2ce20cebe349608069995
-
SHA512
15d35f49a42e8e54f39fa9cb725b0c80005c7e26178b0e5e8f2fe898555675a69fd40dfc64863daff041a76299d44406791d00a7e3a08f0f1da28eb65215cfe9
-
SSDEEP
384:/h7UB97TAHPLHEC1s8TzOB2Yc2y6gJREN07x8IRWBDookU1OWlHr:tUBkTHECVzlYo6g3EN07tR8cLUpl
Malware Config
Signatures
-
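Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. This is a static check, so it reports only that the file carries no embedded signature; read it as a weak indicator alongside the rest of the report, not as a verdict on its own.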
resource c6fdb0c77489d6fc623810b01f171d19
Files
-
c6fdb0c77489d6fc623810b01f171d19.sys windows:4 windows x86 arch:x86
88cf00d08b8ea92ca5287a93d88344c0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
MmIsAddressValid
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
wcslen
RtlCompareUnicodeString
ExGetPreviousMode
RtlCopyUnicodeString
strncmp
_wcsnicmp
_stricmp
strncpy
swprintf
RtlAnsiStringToUnicodeString
IofCompleteRequest
ObfDereferenceObject
MmGetSystemRoutineAddress
wcscpy
_except_handler3
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 888B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ