Static task
static1
General
Target: cc9f6245ae53c9c85ea21b223a4d93c8
Size: 20KB
MD5: cc9f6245ae53c9c85ea21b223a4d93c8
SHA1: e20f3928781f437b942041cc4f99636497ba66ec
SHA256: d55a9886176e91ca3212f93df3cb5553ec2e483e9b3919a008a93c8aa47d0c5d
SHA512: 4914c9acdbbf9f4f0be35d4ffde615a6e31592508cde9d51f6abb4e42ab1b998862804c7dba1ca99451af4f360f9a43e361dcb057bb4b604548065ea62eb54ca
SSDEEP: 384:Vp3tE15JmUAoZIwiEYrLwiEYrwX8CujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oj:7OGCsEkEJsIpiKE4T7pYF4u3UVaDwBte
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cc9f6245ae53c9c85ea21b223a4d93c8
Files
cc9f6245ae53c9c85ea21b223a4d93c8.sys windows:4 windows x86 arch:x86
4c1cb5cda11abe3d1d1c2937ae8c3e39
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
strstr
ZwQueryValueKey
ZwClose
ExFreePool
ZwCreateKey
RtlInitUnicodeString
wcscat
wcscpy
ExAllocatePoolWithTag
_snwprintf
ZwEnumerateKey
ZwOpenKey
ZwCreateFile
IofCompleteRequest
MmGetSystemRoutineAddress
KeServiceDescriptorTable
PsGetVersion
strncmp
IoGetCurrentProcess
_except_handler3
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwWriteFile
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
_stricmp
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 864B - Virtual size: 864B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ