win32[.]exe | Triage

General

Target

win32.exe
Size

24KB
MD5

c9a31ea148232b201fe7cb7db5c75f5e
SHA1

b3074b26b346cb76605171ba19616baf821acf66
SHA256

9d88425e266b3a74045186837fbd71de657b47d11efefcf8b3cd185a884b5306
SHA512

01dfbb550043d29b22ac49bd85d3b6a64948ea76390634427387a83065374e8b06fbe7e3a3e604ceb727844c4c75b871d03eab7357f6e1d068bd7ea41fa4f0e5
SSDEEP

384:bJu/osVhICBqnHH1vZGHvCzQ3T022+u/IlCq7HuekK4:lw/rBQnVgHvqQ392//MRkK4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
win32.exe

Files

win32.exe
.sys windows:6 windows x86 arch:x86

c00e20f56d65068b81a1a5324d461344

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoFreeWorkItem
MmUnmapIoSpace
MmGetPhysicalAddress
ExAllocatePool
IoAllocateWorkItem
MmMapIoSpace
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoInitializeRemoveLockEx
IoCreateDevice
IoQueueWorkItem
RtlInitUnicodeString
ZwClose
ZwOpenFile
ZwQueryInformationFile
KdDebuggerEnabled
InitSafeBootMode
IofCompleteRequest
RtlDeleteElementGenericTable
KeGetCurrentThread
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlUpcaseUnicodeChar
IoRegisterDriverReinitialization
ExFreePoolWithTag
ZwReadFile
IoDeleteSymbolicLink
ZwAllocateVirtualMemory
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
ZwQueryValueKey
ZwOpenKey
_stricmp
MmGetSystemRoutineAddress
PsGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsLookupProcessByProcessId
ObfDereferenceObject
memcpy
_except_handler3
memset

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c00e20f56d65068b81a1a5324d461344

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 640B - Virtual size: 628B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 640B - Virtual size: 628B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 964B