968f4620c3bdcc12dd37bc66b46cc6398dc4853c17a42e015e1d7baf16cb1206N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

968f4620c3bdcc12dd37bc66b46cc6398dc4853c17a42e015e1d7baf16cb1206N
Size

41KB
MD5

fc31ed2af391b09271eaf02486aae7a0
SHA1

6dac893cdad6e057ab6434e6a59d4d8ce7b3a25c
SHA256

968f4620c3bdcc12dd37bc66b46cc6398dc4853c17a42e015e1d7baf16cb1206
SHA512

550ad2c3db2502d71b878eb2dbd1d73916675ec1347fb265b7e855fe58515ed2d0c2e3e583b0d37566beed490755b7fcf0348d33fafb8c1fc553f6431b929570
SSDEEP

768:k9yT3ln5gGlR3g+xu0Kjuj9HqHq43I+GsERH:ksT3l5gGH7ubjMcR3KsEZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
968f4620c3bdcc12dd37bc66b46cc6398dc4853c17a42e015e1d7baf16cb1206N

Files

968f4620c3bdcc12dd37bc66b46cc6398dc4853c17a42e015e1d7baf16cb1206N
.dll windows:5 windows x86 arch:x86

35f020840ac9821b2cfd705e590f3b79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\QKwZzut\jgfXgTn\fpCQh.pdb

Imports

ntoskrnl.exe

IoQueueWorkItem
RtlEqualString
RtlSetDaclSecurityDescriptor
RtlInitString
KeRegisterBugCheckCallback
KeCancelTimer
RtlEqualUnicodeString
RtlTimeToSecondsSince1980
ExNotifyCallback
IoCreateDevice
MmCanFileBeTruncated
IoConnectInterrupt
KeRemoveDeviceQueue
SeImpersonateClientEx
ObReleaseObjectSecurity
RtlLengthRequiredSid
RtlInitUnicodeString
atoi
RtlCompareString
SeQueryInformationToken
KeRemoveQueue
KeInitializeEvent
IoDeviceObjectType

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ