Static task
static1
General
Target: c597c3bd3c998157edd52c1306c89d32
Size: 40KB
MD5: c597c3bd3c998157edd52c1306c89d32
SHA1: 550d91d7b3d3f9f0a37da42fda0cdc9177565af0
SHA256: cdd8dc62073eb9422a638581fc9e813a529a6b03ffac71c3aea79cb7b88ea308
SHA512: dbb86440f9f4a067cf80697bd22e8798ab72e4121a59ee048d389f898facd04e56076931e371592c193ad20457a8190da3e3be91024e57b40b921eadac2e6a21
SSDEEP: 768:x2/ZX/CCMQtpQAbob5QcQienT8H3Irsb4fntvxmyD9Y:cECThbgQcOnTpsEfntZpY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c597c3bd3c998157edd52c1306c89d32
Files
c597c3bd3c998157edd52c1306c89d32.sys windows:5 windows x86 arch:x86
03409c6b38ddf10a5c27154391db6faf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoAttachDevice
ExAllocatePoolWithTag
RtlInitUnicodeString
MmGetSystemRoutineAddress
MmUnmapLockedPages
MmIsNonPagedSystemAddressValid
tolower
IoGetDeviceObjectPointer
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 384B - Virtual size: 328B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 46B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ