Static task
static1
General
-
Target
c60e01efa2d0580e5b7cf239946594a3
-
Size
652KB
-
MD5
c60e01efa2d0580e5b7cf239946594a3
-
SHA1
4e239a97576aaa7ea2cbe47192b0605a6d4056c1
-
SHA256
79e570d5c49d5f0983ed54ad8a1a376e9899e4868389d4ee2497e646f6db88d3
-
SHA512
b5caf91faf323eb8a7310817caee13d5867784f432483f3640fb57c0cec197b063d61b473b151c0a8ee17bbcaa2e220a2dd2d3a504b8c9db4e04cdf28f84030d
-
SSDEEP
12288:cWWP6hUu8qMmjj14QM9UCqrom9JoyV+h9drYe:cWuifhn1nCqU2zVUr7
Malware Config
Signatures
-
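Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The resource below has none; on its own this is a weak indicator, since unsigned binaries are common.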
resource c60e01efa2d0580e5b7cf239946594a3
Files
-
c60e01efa2d0580e5b7cf239946594a3.sys windows:4 windows x86 arch:x86
5e4cb15aa3df8da982ed18ac40068dec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
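Imports
Note: every import listed resolves to ntdll, the user-mode Native API layer. Kernel drivers normally import from ntoskrnl.exe, so despite the .sys extension this may be a native-subsystem user-mode image; confirm against the PE subsystem field.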
ntdll
NtCreateKey
NtOpenProcessToken
NtCreateFile
NtClose
NtAdjustPrivilegesToken
NtDeleteFile
NtWriteFile
RtlInitUnicodeString
NtSetSecurityObject
NtTerminateProcess
NtSetValueKey
NtQuerySecurityObject
NtReadFile
RtlQueryEnvironmentVariable_U
NtQueryInformationToken
RtlUnwind
wcscpy
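Sections
Note: the raw sizes listed below total roughly 20KB, far less than the 652KB file size. The remainder may be overlay data appended after the last section, or the listing may be incomplete; check this before relying on section-level analysis alone.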
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.cdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mdata Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ