5c1a344c4f1499daefe93d5743b307e0f9c84e39c3d43b193103d7281fcf666c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c1a344c4f1499daefe93d5743b307e0f9c84e39c3d43b193103d7281fcf666c
Size

29KB
MD5

716c8e4fe4244984039b9d624e91abc0
SHA1

53b91cca84c70264d58da47137712b23a22b50da
SHA256

5c1a344c4f1499daefe93d5743b307e0f9c84e39c3d43b193103d7281fcf666c
SHA512

a78155956801145993c3a1c1970f950f5637b3c7b47040b835463e053eb6f890b17c22c0b0fb4bfdd637d68c7f6d48ba1b72b207c7c354be9b859bfecf241b60
SSDEEP

768:iTb141gquovYHRrcsemoN+SPzMiDFg8cMZAfzPcLK:iWOovar+moEagiXcMZAfzPce

Score

N/A

Malware Config

Signatures

Files

5c1a344c4f1499daefe93d5743b307e0f9c84e39c3d43b193103d7281fcf666c
.exe windows x86

884fd18736a9ae75ef95ddcf74b5495c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
RtlGetFirstRange
KeI386Call16BitCStyleFunction
ExRaiseHardError
RtlValidRelativeSecurityDescriptor
RtlAreAllAccessesGranted
ZwDeleteKey
RtlImageNtHeader
RtlEnumerateGenericTable
ZwQueryKey
CcFastMdlReadWait
_wcsicmp
MmSetBankedSection
CcGetDirtyPages
RtlAnsiStringToUnicodeString
PoSetPowerState
CcFlushCache
memcpy
IoGetConfigurationInformation
Ke386CallBios
ZwLoadKey
ObQueryNameString
KeEnterCriticalRegion
memset
_vsnprintf
KeQuerySystemTime
ExCreateCallback
RtlAreBitsSet
SeCloseObjectAuditAlarm
MmCanFileBeTruncated

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 623B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ