4fbd18ca6272f5d8bf15b28a08afbcea7542358f8500fcf4cd60fa3121c2b075 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4fbd18ca6272f5d8bf15b28a08afbcea7542358f8500fcf4cd60fa3121c2b075
Size

5KB
MD5

642e68ffde20279072b228c6925f1291
SHA1

bd73d49dab8db7f797be8d4ebdf5a91ef0a2d273
SHA256

4fbd18ca6272f5d8bf15b28a08afbcea7542358f8500fcf4cd60fa3121c2b075
SHA512

ca1e1cc9c667410eeca5bfaa3f05492b1f976d1dc226953091684eb7a80e61eeba30b42625dae5ac6ad55fe7149b4d5253de43ed0cb51a53973333c9a8813ecc
SSDEEP

96:2Kvob198Tb7Nb/7vBXieiEHKn8vm86N8uy1h6y81Gh9X7:2b198TbZTrBXieiEq+m58uyKJ0n

Score

N/A

Malware Config

Signatures

Files

4fbd18ca6272f5d8bf15b28a08afbcea7542358f8500fcf4cd60fa3121c2b075
.exe windows x86

f86e8fe8b263ea93ee50105a86dc4420

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapLockedPages
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
wcslen
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlCompareUnicodeString
ZwNotifyChangeKey
ZwOpenKey
ZwClose
ZwSetValueKey
ZwCreateKey
RtlQueryRegistryValues
memmove
ExAllocatePoolWithTag
RtlInitUnicodeString
_except_handler3
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
MmCreateMdl
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ