d5b5e5e3bff4ef23ed2d7a548e774937 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5b5e5e3bff4ef23ed2d7a548e774937
Size

8KB
MD5

d5b5e5e3bff4ef23ed2d7a548e774937
SHA1

a608ae1a2ac561fd95a41f9b0213009a311863dd
SHA256

87d652335566a15ba05e3b320b89256af5ec8bdfbf546b21a544db8e531e8df5
SHA512

50f9274f43b31c5966766758709d6e6c3d634514fc0ce2d4891639c1d0f4228d3fec2a4bb9b89f491396d77732885009715f0699b43bc80f730834cda6b4d7cf
SSDEEP

48:qZc3Jtsb8srmx9ed1mizQOsEcDXm1eVbRK5tz8sqqyQztotElgBENBWmhFD6g86h:/TsvrmHem+7sBTg4a4sjZgWjZFWnLH+h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5b5e5e3bff4ef23ed2d7a548e774937

Files

d5b5e5e3bff4ef23ed2d7a548e774937
.sys windows:6 windows x86 arch:x86

cf5c63b4fd917b896e0ec2d2f329572c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\vs2008\projects\hidepr~1\sys\i386\HideProcess.pdb

Imports

ntoskrnl.exe

IoFreeMdl
MmUnmapLockedPages
ZwQuerySystemInformation
DbgPrint
IofCompleteRequest
RtlAssert
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ