68a04404334697ad0e50841f63985832eb35daff982c2bff330a12fb10468fe0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68a04404334697ad0e50841f63985832eb35daff982c2bff330a12fb10468fe0
Size

34KB
MD5

128829b59f040a4d33babe2e2b410c6b
SHA1

908631dd9dcba4c9ba5a5056657b957c762f4e89
SHA256

68a04404334697ad0e50841f63985832eb35daff982c2bff330a12fb10468fe0
SHA512

38626e880f5dc350b9c8c7975b823935d18b4df859c1c44f53f5f1b3d04f16438f859f8d510500bbfb40bcb845f49b54ed51e04fbe36287bf7aae09a600b8d9d
SSDEEP

768:E6Rcf7+ya8vvE0Bs7cYhiFw8ih4jSFcVH7564/NT:E6RcbaIEcf2ph4jSSHl64/

Score

N/A

Malware Config

Signatures

Files

68a04404334697ad0e50841f63985832eb35daff982c2bff330a12fb10468fe0
.exe windows x86

6c1c47250f04345270a283e47b3fc4e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlPrefixUnicodeString
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlEqualUnicodeString
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlInitUnicodeString
wcslen
NtSetInformationFile
wcscpy
NtOpenFile
wcsncpy
RtlFreeHeap
NtSetValueKey
wcsstr
_wcslwr
RtlAllocateHeap
NtQueryValueKey
NtOpenKey
RtlOemToUnicodeN
NtReadFile
NtQueryInformationFile
NtCreateFile
wcschr
qsort
RtlReAllocateHeap
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
DbgBreakPoint
RtlUnicodeStringToAnsiString
RtlNormalizeProcessParams

Sections

_kelly_
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ