cb4d61138bce56a042dba522a1811c05b95bc23e822cdb2b1f381e22d2695ae3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb4d61138bce56a042dba522a1811c05b95bc23e822cdb2b1f381e22d2695ae3
Size

25KB
MD5

b1fa834ed8b07abaf42f6b7bdc6fb23d
SHA1

9861e4122be83381ea561de5f70544e5b05381b5
SHA256

cb4d61138bce56a042dba522a1811c05b95bc23e822cdb2b1f381e22d2695ae3
SHA512

48c85cc23620a2ce3c35c26c28c4acad2eef8691838aa61e860a3884809e82c9235c7135d434c71fd29679cfdd58f9d3ece96265282feb3d40f7c5f5a7d514f6
SSDEEP

384:sFzU16BjbcBXTf9XfKzU+KifVH/HnsZfJfsZjCpTAs0Q93kkMNRUF1jT586AsPzD:slU0aXJX2FfZOgN+OYhfi/Y

Score

N/A

Malware Config

Signatures

Files

cb4d61138bce56a042dba522a1811c05b95bc23e822cdb2b1f381e22d2695ae3
.exe windows x86

a3fbdcf4b7fa16723c3d8f42a0ba9d25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
IoRegisterDriverReinitialization
ZwCreateKey
wcslen
wcscat
wcscpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwUnmapViewOfSection

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 608B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ