a2e49c455862ddf20175a7bff70d1f9af625657c623047c950ea5afa95e84bc3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2e49c455862ddf20175a7bff70d1f9af625657c623047c950ea5afa95e84bc3
Size

61KB
MD5

7b2f14ec9ff6d592094c74701f00d236
SHA1

5a78c980b0d0510f24f21be12ebc458e068f92ad
SHA256

a2e49c455862ddf20175a7bff70d1f9af625657c623047c950ea5afa95e84bc3
SHA512

c54b34618b35f8dbb9a8666e588063fb26de228ba762ae62caf26b8765945514ebe55e2da25f2880be4c130ce33add1117e2fee6b197a2e1fdde4772797414ef
SSDEEP

1536:Ewu9iufaIvz1b4G4rWSBmbI5wzYVmcsdR:tu9iufaIvz1cG4qbeYYVmcsdR

Score

N/A

Malware Config

Signatures

Files

a2e49c455862ddf20175a7bff70d1f9af625657c623047c950ea5afa95e84bc3
.dll windows x86

251531c85c0e81cb4e8b090c6dd86ac2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlUpperChar
ZwReadFile
KeBugCheckEx
PoRegisterSystemState
IoDetachDevice
CcIsThereDirtyData
ZwAllocateVirtualMemory
IoDeleteSymbolicLink
RtlEqualString
RtlEqualUnicodeString
IoWriteErrorLogEntry
KeLeaveCriticalRegion
RtlInitializeBitMap
KeInitializeDeviceQueue
RtlUnicodeStringToInteger
SeCaptureSubjectContext
ExFreePool
RtlInitString
PoCallDriver
KeSetKernelStackSwapEnable
MmSetAddressRangeModified
IoReleaseCancelSpinLock
FsRtlAllocateFileLock
IoReuseIrp
FsRtlLookupLastLargeMcbEntry
MmIsAddressValid

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ