Static task: static1
Behavioral task: behavioral1
Sample: d9d8a789e2166831de98c9f5064e7f563cd035b6487f99f4446b6cb09bb0d065.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: d9d8a789e2166831de98c9f5064e7f563cd035b6487f99f4446b6cb09bb0d065.exe
Resource: win10v2004-20220812-en
General
Target: d9d8a789e2166831de98c9f5064e7f563cd035b6487f99f4446b6cb09bb0d065
Size: 75KB
MD5: 7430f405a1f8764f76931d99f387b210
SHA1: b0ed50fb32f9117e8b5bfadef1180522c619e605
SHA256: d9d8a789e2166831de98c9f5064e7f563cd035b6487f99f4446b6cb09bb0d065
SHA512: 6b32be760a53e885ac1e1ae077268cad9875a623e749f82704aa26146929bee709d969d3ec0a6e4c263bb1e0dd7eb5dd4b9377e1633fa2944e034835bfec5d46
SSDEEP: 1536:9Vt5H74QdaDeIOFkKfoCnLrJyKqJ9GDTY2lqKkk/up:RZ0iaDMlznvA1J9GDT9/X/up
Malware Config
Signatures
Files
d9d8a789e2166831de98c9f5064e7f563cd035b6487f99f4446b6cb09bb0d065.exe windows x86
8e3fd9749ac39ea9cd20693b2c4e3bc8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateKey
ZwOpenKey
RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
ZwLoadDriver
ZwWriteFile
IoCreateFile
ZwCreateFile
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 189B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 422B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 318B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ