c7c732a76f756d0ad3ca5971d7efce49 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7c732a76f756d0ad3ca5971d7efce49
Size

48KB
MD5

c7c732a76f756d0ad3ca5971d7efce49
SHA1

30f3e108d91e9d5a3b938911d7d13147102f91b7
SHA256

24eb691b535a309662ba6cbcae865761ea998fc087e4a27fe481070dca430a7f
SHA512

04c5a66c568258fc9c2b88f60f1f09fb2966f2c44c929eb4a041521e9fa776a501585b118689542f1c4fe88ee00f8aee4d864c316ecfc98beb56c402b6134a20
SSDEEP

768:cLuJILRHK0n/Jo5+rQPUNJLItwa4n6dQUqE6cwTW58:oue7n/JAMHUtwQQd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7c732a76f756d0ad3ca5971d7efce49

Files

c7c732a76f756d0ad3ca5971d7efce49
.sys windows:4 windows x86 arch:x86

b72c95375a58553f860bc790e6625d8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
IofCompleteRequest
IoGetCurrentProcess
wcsstr
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
wcsncmp
towlower
IoRegisterDriverReinitialization
strncmp
strncpy
_strnicmp

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 192B - Virtual size: 167B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ