ea9406d9703e4051a6a5a8935ff249dfe78e9789e1285e78fee6333e0cde3432 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea9406d9703e4051a6a5a8935ff249dfe78e9789e1285e78fee6333e0cde3432
Size

26KB
MD5

40166715bd353bcef3be7d6868156523
SHA1

ba0a63484ffa3058f1933aced8069e03bc89ac9a
SHA256

ea9406d9703e4051a6a5a8935ff249dfe78e9789e1285e78fee6333e0cde3432
SHA512

238e10bd2aada0b5e72fd8d8f38676888252f237446d26d7e8a696c204a2b2d465f5e5aca183ccf98e04d604bc3b3ef10c62a33405933e2219b34e962037a4e9
SSDEEP

384:+j2q+JgXQL7o6WmhuE3SOoYI2LZF+DwVeMMZ8Y611DIXFBD5/XSQ51vCg5U80Ytm:Wkv9V7Venc8FDDhUGO5BDewagvIhw

Score

N/A

Malware Config

Signatures

Files

ea9406d9703e4051a6a5a8935ff249dfe78e9789e1285e78fee6333e0cde3432
.exe windows x86

b5038b06ec66ca62cfa2227ce287dbb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
swprintf
MmIsAddressValid
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlFreeUnicodeString
ZwCreateKey
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 986B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ