d811a95d2c04ef3f150e133caca0467964b1a4a8cbd181cf5082000c44bf8828 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d811a95d2c04ef3f150e133caca0467964b1a4a8cbd181cf5082000c44bf8828
Size

73KB
MD5

7c9826202efdc5b01858eef382cbbe2a
SHA1

fd395bae9bf6a07b70619f821f0231744940f61d
SHA256

d811a95d2c04ef3f150e133caca0467964b1a4a8cbd181cf5082000c44bf8828
SHA512

8b20f06a6b918aa820897c07517327867283547114c7065336d607158ba38f4989c91cd310fddc95e7ad846a876bd36265ae3de59fbccd38e58293fbbe1312e5
SSDEEP

1536:ycIY2UNrx4xSqzGztw/DSN8fVWSRtySCuMe4f4G:9X2UNrASqzt/DSN8fVWS7yf4G

Score

N/A

Malware Config

Signatures

Files

d811a95d2c04ef3f150e133caca0467964b1a4a8cbd181cf5082000c44bf8828
.dll windows x86

f18401468686a306708f96ca1a537a7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsDereferencePrimaryToken
RtlInitString
RtlCompareString
IoUpdateShareAccess
KeInitializeTimerEx
ExIsProcessorFeaturePresent
KeSetKernelStackSwapEnable
PoUnregisterSystemState
SeTokenIsRestricted
RtlFreeAnsiString
RtlInitUnicodeString
RtlEqualSid
ExNotifyCallback
RtlCharToInteger
CcSetBcbOwnerPointer
FsRtlCheckLockForReadAccess
RtlEqualString
IoCreateFile
strncpy
MmUnmapIoSpace
RtlIntegerToUnicodeString
CcZeroData
RtlEqualUnicodeString
KeSetTargetProcessorDpc
IoGetDriverObjectExtension
ZwFsControlFile
KeCancelTimer
KeInitializeSemaphore

Sections

.text
Size: 23KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ