b09df5261a0367a73cea9547c4faebcb21f9fbf572c32e7e6f7d7f5fe3597606 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b09df5261a0367a73cea9547c4faebcb21f9fbf572c32e7e6f7d7f5fe3597606
Size

28KB
MD5

5a59f2153735d9b4d7fe2c0e8e5f8d30
SHA1

17c350916cfe77900cc2fa8a9991b2bb2ec9b476
SHA256

b09df5261a0367a73cea9547c4faebcb21f9fbf572c32e7e6f7d7f5fe3597606
SHA512

3e43d18071afeb668f4db8076c3078c9231baf3e48698b3ce69697bae65c751f2a2358b39ceabb45c60afd6c7308bb1e10aa66e6bbac66b1fce98ab6eb11c385
SSDEEP

384:aNoO6guxp15w0i9lC8+jBWg1aC1U+w9glCN8St9mnICD7xDucdycooCI9:YoLgux3s9lCvWgEgwN1t9K3RuKyg

Score

N/A

Malware Config

Signatures

Files

b09df5261a0367a73cea9547c4faebcb21f9fbf572c32e7e6f7d7f5fe3597606
.exe windows x86

d6c5d4b580a8eb96e286ab0bf895ebee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlInitUnicodeString
MmIsAddressValid
_stricmp
MmGetSystemRoutineAddress
wcslen
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_wcsnicmp
swprintf
_except_handler3
RtlCopyUnicodeString
ZwUnmapViewOfSection
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
_strnicmp
wcscat
wcscpy
strncpy
IoGetCurrentProcess
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
strncmp

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 704B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ