csrss.pdb
Static task
static1
General
Target: 188e65f122f725e839f62341d434324cefd475a38be2b8922ea209a49ef3807eN
Size: 33KB
MD5: 931af57d3f79f12461894d2ccf507a60
SHA1: 2c75c2bbb175647060b9bba78ab63070f997ea3b
SHA256: 188e65f122f725e839f62341d434324cefd475a38be2b8922ea209a49ef3807e
SHA512: 0c8903c6b84d9c5a24f7e4df29791518a7e7508cb0840e817666dcacb18eaf10f9ff42fd2aef58c7518f4cb39573523777587a45f838720a6e36cba475989df1
SSDEEP: 768:SH7JpHyisKl4qJWisKl4qJZisKl4qJHisKl4qJ:SnHyisKldJWisKldJZisKldJHisKldJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 188e65f122f725e839f62341d434324cefd475a38be2b8922ea209a49ef3807eN
Files
188e65f122f725e839f62341d434324cefd475a38be2b8922ea209a49ef3807eN.sys windows:6 windows x64 arch:x64
0816c1bb9d7c0db0392e278174bfde6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtSetInformationProcess
RtlSetHeapInformation
RtlSetUnhandledExceptionFilter
NtTerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtTerminateThread
RtlUnhandledExceptionFilter
RtlSetProcessIsCritical
isspace
RtlUnicodeStringToAnsiString
RtlAllocateHeap
RtlFreeAnsiString
RtlNormalizeProcessParams
csrsrv
CsrServerInitialization
CsrUnhandledExceptionFilter
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�" Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ