Z:\NewProjects\hide_tools\objfre\i386\hidetools.pdb
Static task
static1
General
-
Target
ca69d588669a8dd7bf969d56e9b39d93
-
Size
15KB
-
MD5
ca69d588669a8dd7bf969d56e9b39d93
-
SHA1
1eb8f2c5308c7602009a7601d30ba27225e5aab7
-
SHA256
c726a2c5818c9e6f6e4636994e20227a7f94a28f55750b428f7c0da4004a9343
-
SHA512
44e17089c080e74585e8b02b524e85b6703daf0daa7a87e01a5784db512bc67ed9a7fe24b11b1a8b6a70739ecfd363b08eb1a62e5c710370e54128966fcfbbac
-
SSDEEP
384:90RHR25KnQh+ycu3vaRMignwK7Yb5YO0tJiV:iD25QrgiXgwK7Yb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ca69d588669a8dd7bf969d56e9b39d93
Files
-
ca69d588669a8dd7bf969d56e9b39d93.sys windows:5 windows x86 arch:x86
7fc8018ca202db1735c4556636b3420a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Z:\NewProjects\hide_tools\objfre\i386\hidetools.pdb
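Imports
Note: the ordNNNNN values listed below are all even, closely spaced, and far larger than the export ordinal range expected for ntoskrnl.exe or hal, so they appear to be import-by-name table offsets (RVAs) rendered as ordinals rather than real export ordinals. Read the imported function names from the sample's import name table before drawing conclusions about its capabilities.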
ntoskrnl.exe
ord13692
ord13712
ord13740
ord13750
ord13774
ord13798
ord13820
ord13832
ord13842
ord13858
ord13882
ord13896
ord13922
ord13940
ord13956
ord13984
ord14002
ord14026
ord14050
ord14072
ord14100
ord14156
ord14180
ord14196
ord14206
ord14226
ord14246
ord14272
ord14292
ord14318
ord14344
ord14362
ord14394
ord14414
ord14424
ord14452
ord14480
ord14502
ord14512
ord14522
ord14538
ord14572
ord14596
ord14612
ord14638
ord14650
ord14670
ord14702
ord14718
ord14742
ord14754
ord14772
ord14800
ord13680
ord13668
ord13640
ord14126
ord13628
hal
ord14882
ord14860
ord14840
ord14820
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ