30f30817aa485574702b6f9899231cdd9cc700ef543febbf52d51cbdf92d81a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30f30817aa485574702b6f9899231cdd9cc700ef543febbf52d51cbdf92d81a8
Size

12KB
MD5

e94711eb7e1a36483f9f5ab2395f734d
SHA1

87a46aaacb3f647721ce28504b1dd63882a92b4e
SHA256

30f30817aa485574702b6f9899231cdd9cc700ef543febbf52d51cbdf92d81a8
SHA512

3653039afdcfeda1a50261f347c5197d77b06c2fd5b08635dc31a2481c279fbeff7b228cf3406f94900c1d79826d7b70f9eee5fe00da0ea2888c71bc83796f41
SSDEEP

192:JHEEjNotCyWCl8mRWnY2E9Hf6zP8r71eUmDS9n/nZL:J1QWCl8mRWB+/6zkr7FmDSRnt

Score

N/A

Malware Config

Signatures

Files

30f30817aa485574702b6f9899231cdd9cc700ef543febbf52d51cbdf92d81a8
.exe windows x86

7a9fe06eef7b21062bd6c2956b8624fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
DbgPrint
_except_handler3

Sections

.text
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 352B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ