dea0f07ad6455bf7c60fcd24a623ee77 | Triage

Sharing

General

Target

dea0f07ad6455bf7c60fcd24a623ee77
Size

49KB
MD5

dea0f07ad6455bf7c60fcd24a623ee77
SHA1

bb3c4707fce5fe3297f93eee7f6576eea2005aef
SHA256

40773be6da8e8fbe01f0370b52d38394d2d3a75d3c99184ef36c6b227038850d
SHA512

152f9f16b074da127a36f14fdb0c1e3b5806873891ca14e7fa580b29f3afda1721947bb37ad73135f819b1a8fa1fdf952eda6fdb0f2227665091c033f6297940
SSDEEP

1536:WNxHEZEjd8bFbZri31DGTsa+D4P02UAWRC8JAtbNm:EHEZEjd8bFbZriFDGIa+D4P02UAWRC8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dea0f07ad6455bf7c60fcd24a623ee77

Files

dea0f07ad6455bf7c60fcd24a623ee77
.sys windows:4 windows x86 arch:x86

d1b91f9c6e62e9e09ca86e72b2ccd6b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
wcscat
wcscpy
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcsncmp
wcslen
towlower
IofCompleteRequest
IoGetCurrentProcess
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
ZwEnumerateKey
strncmp
strncpy
wcsstr
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 192B - Virtual size: 187B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ