cd3a8d3fb43bf162d8cac01b0c95dd8e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd3a8d3fb43bf162d8cac01b0c95dd8e
Size

26KB
MD5

cd3a8d3fb43bf162d8cac01b0c95dd8e
SHA1

b42b65668d66a614a6d4829c57047f90ce6fa0fa
SHA256

73f3f11a7dc8baa55823d1cf1ca411e6e0c82c80ff12bf122e230c3e46eeb2e6
SHA512

b73743641bd7a677adcf4daf8d76f892feaaf885524ba21a53f9aa03818883c32ef95ea7e637a36e0b3860ba33d8e419ff063e9b423c58862b285dbfda3cc8a6
SSDEEP

768:8DIG7VrOY+ZhWmU0HW1wIufxV8WAex5NG10M4pVgNGukjj8ijhhv+zoJgddgsO8S:8DI0Vl08mUH1wIKLQkj+asO8S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd3a8d3fb43bf162d8cac01b0c95dd8e

Files

cd3a8d3fb43bf162d8cac01b0c95dd8e
.sys windows:4 windows x86 arch:x86

26b29800ac951653a16b58387838079d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwClose
ZwCreateFile
RtlInitUnicodeString
isdigit
IoRegisterDriverReinitialization
isupper
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
atol
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
srand
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isxdigit
PsGetVersion
DbgPrint
isspace
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
_wcsnicmp
wcslen
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
strstr
ZwCreateKey
wcscat
wcscpy
islower
atoi

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ