c51fe8b34b83ed73fad8c75dc876b1bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c51fe8b34b83ed73fad8c75dc876b1bd
Size

97KB
MD5

c51fe8b34b83ed73fad8c75dc876b1bd
SHA1

f5f3971422975061d72609f296b58b74741a7230
SHA256

bcfd0272261260ea38ea4fa70f4b5de62aebac03d99ee43d16bf5dc63cbe1eec
SHA512

db721b7debc7ca16fca424e9c928d17859585157057d74db7c6926a74936f8d5bac97a8f207f08b37a8839359a5ed4d8b4dcd7902625aff4db8b2895ebce1d97
SSDEEP

1536:mgfyQnm84Vr/uBdlFWW7JhjWhriEvlmpAwPlYCST9XIpNSxbb06huNpqe:mgFa2DnTSiMljDJZIpNmQ6haQe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c51fe8b34b83ed73fad8c75dc876b1bd

Files

c51fe8b34b83ed73fad8c75dc876b1bd
.sys windows:5 windows x86 arch:x86

82ee8658730e560b64c06ac93e1624d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlMdlRead
NtNotifyChangeDirectoryFile
KeSetDmaIoCoherency
RtlUpcaseUnicodeChar
ZwFreeVirtualMemory
KeSetEventBoostPriority
ExLocalTimeToSystemTime
SeCaptureSubjectContext
PsCreateSystemThread
InbvNotifyDisplayOwnershipLost
wcscmp
RtlDecompressBuffer
ZwQuerySystemInformation
IoInitializeRemoveLockEx
ExFreePool
ExfInterlockedInsertHeadList
ZwUnloadDriver
IoGetRelatedDeviceObject
IoCreateDriver
NtOpenProcessToken
_itow
ExAllocatePool
LpcRequestWaitReplyPort
IoRegisterDriverReinitialization
ExNotifyCallback

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE