4c092a24e083809648b545b71ea88c96b0561a6ce64f78944a89df57fc91f32c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c092a24e083809648b545b71ea88c96b0561a6ce64f78944a89df57fc91f32c
Size

11KB
MD5

8604da9b9eac2be16288e6ceaa69c964
SHA1

0473005464ff74eea9b1033f0c987c4f7f474a09
SHA256

4c092a24e083809648b545b71ea88c96b0561a6ce64f78944a89df57fc91f32c
SHA512

16254d18102345ec164dcca9f28bc88ae8e1d2c6d7a090bd8273d10e8f003818ad0fc9b0c655ee27641e8220f6b4f39964942cd3ab63456ece49f42ba445bf69
SSDEEP

192:IWrXTmqG12LiQ/xXPsAuliz8wYddTmFgz:njmq+2LH/xEAulVXrTmFgz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c092a24e083809648b545b71ea88c96b0561a6ce64f78944a89df57fc91f32c

Files

4c092a24e083809648b545b71ea88c96b0561a6ce64f78944a89df57fc91f32c
.sys windows:5 windows x86 arch:x86

b0b67eef723ce5dcb251767cfb6250ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
wcscmp
KeServiceDescriptorTable
NtBuildNumber
ZwSetValueKey
ZwOpenKey
_except_handler3

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 382B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE