26cb586f37a156803ab3b325f93bb610N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26cb586f37a156803ab3b325f93bb610N.exe
Size

174KB
MD5

26cb586f37a156803ab3b325f93bb610
SHA1

ebcf8273373f57eb10e148c7f2b67948dda35c12
SHA256

126ced0bd2f0053d79e480c88f3e83bce919d1bc1948a0a513d4bb1c1c908760
SHA512

1c8d9389f209a7121ef1a356e5cdf556992f3556297537230b5a05b69d3685b63d169104692c63206bc97b117b81f4233f76f601648f98b80dec0799a5b02843
SSDEEP

3072:gepT2TbcnzzW44AIUxtS3NTQbg6bWJ2c8hZ+8iu7Ibf3a8Y0rRAXoLjHwSIisu2l:geubPJQb3+WZr0FYGzRIBNb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cb586f37a156803ab3b325f93bb610N.exe

Files

26cb586f37a156803ab3b325f93bb610N.exe
.sys windows:10 windows x64 arch:x64

f73f24228894974aef90f517b5c53650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

NtOpenFile
__chkstk
RtlInitUnicodeString
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlGetVersion
KeDelayExecutionThread

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE