Static task
static1
Behavioral task
behavioral1
Sample
2c51ab26049790dd0e18ce5c51f75609a18f1a617b8e6b635b95b9d5850715aa.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2c51ab26049790dd0e18ce5c51f75609a18f1a617b8e6b635b95b9d5850715aa.exe
Resource
win10v2004-20220812-en
General
- Target: 2c51ab26049790dd0e18ce5c51f75609a18f1a617b8e6b635b95b9d5850715aa
- Size: 16KB
- MD5: 7a37f6841ccc974717c24ed5f132bdc0
- SHA1: 6ef6587bbcf1518eee51838a8af5eb43eadf9e6d
- SHA256: 2c51ab26049790dd0e18ce5c51f75609a18f1a617b8e6b635b95b9d5850715aa
- SHA512: 3506fd0909052c992f70edbedc775cf20a43536ee0efe08e7b62ceb2c2ad97483f7c9b960ece2c2c38944781fe3ebcead9bf580a88d011b7e685fbe73e099c16
- SSDEEP: 384:U+ZK6L9ymhLnsxBGNv09qK0AolBs7nmfzyVKJnfFmjVoKySz:U+ZK09ymVsp9qK3olBfzbshtyS
Malware Config
Signatures
Files
- 2c51ab26049790dd0e18ce5c51f75609a18f1a617b8e6b635b95b9d5850715aa.exe windows x86
84ec41d4c7e42a7aa563c93134929f03
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeDelayExecutionThread
ZwCreateKey
wcslen
isxdigit
swprintf
isprint
wcscat
wcscpy
tolower
strrchr
_wcslwr
wcsncpy
PsGetVersion
atol
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
isupper
isdigit
atoi
srand
strchr
isspace
strstr
IoRegisterDriverReinitialization
MmIsAddressValid
islower
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
toupper
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ