d466773e41181f4c6e9232dc51991a978c42df01b3a8221637c542ca78c0714d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d466773e41181f4c6e9232dc51991a978c42df01b3a8221637c542ca78c0714d
Size

21KB
MD5

0a9edf760dee1c6979fa790aef585d51
SHA1

a8e631e8d8403a83e445c554d98f3f2efb924e79
SHA256

d466773e41181f4c6e9232dc51991a978c42df01b3a8221637c542ca78c0714d
SHA512

16d39587256a6c59c7fbdf3033e1b1b0b92222921334fc344427cba11f4df698a4ffa478d3f1142fb57eafc0924e0f47c54f277042e9cfbcb8ddf6a7a1a02a99
SSDEEP

384:DDdkyxfrIUPo6RcsOvsbY5jNzveYgbPPM3qzv8fgxLlvhWiHlD:DBTxfcUNfOvyY5jNzveYcHmmv8fgxLlX

Score

N/A

Malware Config

Signatures

Files

d466773e41181f4c6e9232dc51991a978c42df01b3a8221637c542ca78c0714d
.exe windows x86

2d1c3e331dd6e59b9d2b770609b37287

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
ZwCreateFile
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ