602e0608a216cdfeb13cada8feed84c5b417b4ae95e25f70a08a935b510faf80 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

602e0608a216cdfeb13cada8feed84c5b417b4ae95e25f70a08a935b510faf80
Size

28KB
MD5

414ad074c2029c6207dba68db3f63d70
SHA1

1d0b02084ef5f3e884251e8a46f634d308ef6f3c
SHA256

602e0608a216cdfeb13cada8feed84c5b417b4ae95e25f70a08a935b510faf80
SHA512

96dde720a087abd587b2b2a6f3d9e6c5c6918ae9fda633655e88e40be1b5d2acc767d69d83e929c4912de7697608cf5e93793fe77d4c62185c9d1c9dac81cb1e
SSDEEP

768:90y1md6TBQbuQYLqE+mUuE4ck+mOWBSN7cqiZIikYHUlNFU:WyEU6Y29mUIywSWhOxYK

Score

N/A

Malware Config

Signatures

Files

602e0608a216cdfeb13cada8feed84c5b417b4ae95e25f70a08a935b510faf80
.exe windows x86

9e6764fed29323ea98118ccad97e8b71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

swprintf
ZwClose
RtlInitUnicodeString
ZwOpenKey
wcslen
wcscat
wcscpy
_except_handler3
strncmp
ObfDereferenceObject
strncpy
_strnicmp
MmGetSystemRoutineAddress
ExFreePool
_snprintf
ExAllocatePoolWithTag
_wcsnicmp
IofCompleteRequest
_stricmp
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
_itow

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 864B - Virtual size: 850B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ