d428769c5aa027c7789a0a0014c8ceee | Triage

Sharing

General

Target

d428769c5aa027c7789a0a0014c8ceee
Size

2KB
MD5

d428769c5aa027c7789a0a0014c8ceee
SHA1

5c88772bad3d35e2e765c4ee608d573da1e7d5f4
SHA256

f8ad51e40d6e6a32fd0bae64d39f01eb2de1fd519e56f2febd9d646a4bf7ae45
SHA512

a37897a836a94406d85b719f09e3bdd4b77424ae307ab394f505415c61d9cc02b8ede3c1365daa42546f0418e5a91b551badd0662e4b492e25dab0289da28a63

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d428769c5aa027c7789a0a0014c8ceee

Files

d428769c5aa027c7789a0a0014c8ceee
.sys windows:4 windows x86 arch:x86

325302e9e6a3393750d6e87a24af833e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwQueryDirectoryFile
ZwAllocateVirtualMemory
RtlCompareUnicodeString

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 400B - Virtual size: 393B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 288B - Virtual size: 282B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 224B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ