f221046e04812cb9cc27d82d35d6445f70801fb9ed0755d8cdffee45b61ba525[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f221046e04812cb9cc27d82d35d6445f70801fb9ed0755d8cdffee45b61ba525.exe
Size

21KB
MD5

5d0de7f05d673ba4135d698134385416
SHA1

8f54cb2091ef206bb9b608c5d2e2e8ee53176e51
SHA256

f221046e04812cb9cc27d82d35d6445f70801fb9ed0755d8cdffee45b61ba525
SHA512

ad9844c47a5958df1d24041a9b1e0320c460e685c6a08c0af6b292c30e659182a53a4b57c005357938846fb27268e5b6ccceea1e55da1a2112052183e745c349
SSDEEP

384:Hi3b+JWPVSsf0Kb+m5FbSBDbzKG+eV8NoFAoHq0vkpG6Bm2mxAhdw:LiVSs0KVnbSRbmNoiC3vkoTxA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f221046e04812cb9cc27d82d35d6445f70801fb9ed0755d8cdffee45b61ba525.exe

Files

f221046e04812cb9cc27d82d35d6445f70801fb9ed0755d8cdffee45b61ba525.exe
.sys windows:10 windows x64 arch:x64

74b08518b0767e2e0d22ac4c02c62c8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ac\Desktop\MTA\MTASA spoofer\x64\Release\MTASpoofer.pdb

Imports

ntoskrnl.exe

wcsstr
RtlInitUnicodeString
DbgPrint
KeInitializeEvent
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapLockedPages
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlRandomEx
IoEnumerateDeviceObjectList
ObQueryNameString
swprintf
ObReferenceObjectByName
rand
IoDriverObjectType
tolower
strstr
MmCopyMemory
ZwQuerySystemInformation

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE