C:\sys.pdb
Static task
static1
General
-
Target
e16660efcf7d51abe08e6af11fc0f85c
-
Size
9KB
-
MD5
e16660efcf7d51abe08e6af11fc0f85c
-
SHA1
ba8ee89f4a565bf4f00976dd9df0bb6946383874
-
SHA256
543e778e779ec0b945e74e3fbcc6477c5f61ad18167575ed747084a6ce64263f
-
SHA512
20d3e72b5b7cd71e48d42d603961da7a87e4162474d535e33b57f98d6cb1ada1bfb3a4b11c2e564c6f2ad4b5372cb84f3c26693f7ff4b748b193c7bed6dfba45
-
SSDEEP
192:ibcEB2AURwMKbvHvclANz3JYdKfMF8QWm9:Mc+USMivwg3JYdMM2W
Malware Config
Signatures
-
Unsigned PE 1 IoCs
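Checks for missing Authenticode signature. The sample is unsigned; because it is a 32-bit (x86) kernel driver, the mandatory driver-signature enforcement of 64-bit Windows does not apply to it, so the missing signature neither blocks loading nor proves malice on its own.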
resource e16660efcf7d51abe08e6af11fc0f85c
Files
-
e16660efcf7d51abe08e6af11fc0f85c.sys windows:5 windows x86 arch:x86
d195fa556ee06658c092b3be022ee00b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths: C:\sys.pdb (shown at the top of this report)
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
memset
ObReferenceObjectByName
IoDeleteSymbolicLink
IoDeleteDevice
ZwSetValueKey
ZwClose
IofCompleteRequest
ExFreePoolWithTag
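KeServiceDescriptorTable (the System Service Descriptor Table, exported by ntoskrnl.exe on 32-bit Windows; a driver importing it usually reads or patches system-call dispatch entries, so treat it as a rootkit indicator to confirm with dynamic analysis, since the import alone does not show what the driver does)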
IoCreateSymbolicLink
IoCreateDevice
_wcsnicmp
IoGetCurrentProcess
MmIsAddressValid
swprintf
ObfDereferenceObject
ObReferenceObjectByPointer
ExAllocatePoolWithTag
PsGetVersion
memcpy
_except_handler3
hal
KfRaiseIrql
KfLowerIrql
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 608B - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 240B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 688B - Virtual size: 680B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 496B - Virtual size: 486B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ