0d9316c3781af5dde63aa5b9add66bd23a9b67353ae17968b72125cd8e5db92a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d9316c3781af5dde63aa5b9add66bd23a9b67353ae17968b72125cd8e5db92a
Size

72KB
MD5

80c4c87746253a903edfade4e75d5fcd
SHA1

d1a1a87be58cd0b23058283ae934ab1fa02aef7a
SHA256

0d9316c3781af5dde63aa5b9add66bd23a9b67353ae17968b72125cd8e5db92a
SHA512

26a57952f741f38a95d35a6dbe979e0afd54b4ab9838547716060b618fdcfdc3d7c169d1c1232ba69b22f180c12487fcbcfb28723394a65dcbd9e01c3e3df9f5
SSDEEP

1536:1asxWWadfNz1b4G4jWSsyD0AN3Fdl5w8xJXO3O:1askxNz1cG4L4KFdlq8x0e

Score

N/A

Malware Config

Signatures

Files

0d9316c3781af5dde63aa5b9add66bd23a9b67353ae17968b72125cd8e5db92a
.dll windows x86

79affb8fe7c287e775f879f0cf211351

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
RtlCreateUnicodeString
ExDeletePagedLookasideList
RtlUpperChar
RtlInitializeSid
SeQueryAuthenticationIdToken
RtlEqualString
PsGetCurrentProcess
IoStopTimer
CcZeroData
SeAssignSecurity
IoCheckQuotaBufferValidity
SeAccessCheck
RtlEqualUnicodeString
KeDelayExecutionThread
PoStartNextPowerIrp
CcIsThereDirtyData
KeSetEvent
ObGetObjectSecurity
ExAcquireResourceSharedLite
IoInvalidateDeviceRelations
PoSetPowerState
MmFreeContiguousMemory
RtlInitString
KeWaitForSingleObject
RtlInitUnicodeString
KeReleaseMutex
RtlNumberOfClearBits
ZwQueryObject

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ