791259d3aa0b43c4651cd8bbea6eae94d18b76295e53fc96ce97b6c19690f095 | Triage

Submit
Reports

Overview

overview

6

Static

static

791259d3aa...95.dll

windows7-x64

6

791259d3aa...95.dll

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

791259d3aa0b43c4651cd8bbea6eae94d18b76295e53fc96ce97b6c19690f095.dll

Resource

win7-20220812-en

bootkit persistence

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

791259d3aa0b43c4651cd8bbea6eae94d18b76295e53fc96ce97b6c19690f095.dll

Resource

win10v2004-20220901-en

bootkit persistence

windows10-2004-x64

2 signatures

150 seconds

General

Target

791259d3aa0b43c4651cd8bbea6eae94d18b76295e53fc96ce97b6c19690f095
Size

7KB
MD5

467c1c0cbcf0383d2adc11ea367eea90
SHA1

3fa6e3e557c6c3433ceea6aeab6a5b54e1274290
SHA256

791259d3aa0b43c4651cd8bbea6eae94d18b76295e53fc96ce97b6c19690f095
SHA512

4ea5ad40a0ac181d68e808559541a35be2a38229d459b7b0b91dfe1e27116d94014dcff79de67d43c4f274e9354b64d27169ae2d659c62b9f0a2830d036241be
SSDEEP

192:Lthc3gfdWqSCZPOlHnFpkGMLVPPVLT/iX:Lg30LPos7LVFf/iX

Score

N/A

Malware Config

Signatures

Files

791259d3aa0b43c4651cd8bbea6eae94d18b76295e53fc96ce97b6c19690f095
.dll windows x86

daf239d34996e21744a633336bdf6c80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
DeviceIoControl
CreateFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
lstrcatA
GetEnvironmentVariableA
QueryPerformanceCounter
WaitForSingleObject
Sleep
CreateThread

ws2_32

closesocket
recv
send
connect
htons
socket
WSACleanup
WSAStartup

Exports

Exports

WLEventStartShell

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy