ca1305634851dc76fb3cc05fbe4e1786 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca1305634851dc76fb3cc05fbe4e1786
Size

4KB
MD5

ca1305634851dc76fb3cc05fbe4e1786
SHA1

c90d6de35ec05bcff8ee7dc391f0cdb8c76140b4
SHA256

3836bf4e39c4de4d7246c250a9f9999e5f279d013ec8c0907eeb09e1b2afdb6b
SHA512

27ddd48788e286b278ab7b389673f4ce64a05b1034306f5989060db94af6cb636928883c688e3223816dbc944cc49f6b6206d54e7c446a03e4572c0db65cf152
SSDEEP

96:Pro+Mp84+Lk5Nfxntfo06+bs8J/w/sw39mZ:9TXLk/fxnN4/swty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca1305634851dc76fb3cc05fbe4e1786

Files

ca1305634851dc76fb3cc05fbe4e1786
.sys windows:4 windows x86 arch:x86

cdab88fe925b8651fe8f34e7ff86924f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoRegisterDriverReinitialization
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByName
ZwAccessCheckAndAuditAlarm
ZwClose
ZwOpenDirectoryObject
MmUserProbeAddress
KeServiceDescriptorTable
IoDriverObjectType
DbgPrint
IofCompleteRequest

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ