05118cb2fd4aced90ab7bac229b3fa9d6fc20d89d7bf9d9891d1d9b503bf7480 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05118cb2fd4aced90ab7bac229b3fa9d6fc20d89d7bf9d9891d1d9b503bf7480
Size

443KB
MD5

81e367ff17a36a8b8cba4984e07e1b12
SHA1

78f18ad1a67e205bff9a306d21989e673809963a
SHA256

05118cb2fd4aced90ab7bac229b3fa9d6fc20d89d7bf9d9891d1d9b503bf7480
SHA512

7ff2c33c2d98d23bc88ece4a29ab84381d71a1d4663fede305576a15a944728f1cd32f8d54e9d577a0526f38181e7ece6a35597c9734d7df3b7c1d2f5291e871
SSDEEP

6144:B/xHx9r6HIrMbA96Vid9szw77k6M8i1cES128JV3Lk1q13+pKSSFxi8d0Q7kTUxf:B/hr6HkJs0MO128JtpuY9ccSI8tAZH

Score

N/A

Malware Config

Signatures

Files

05118cb2fd4aced90ab7bac229b3fa9d6fc20d89d7bf9d9891d1d9b503bf7480
.dll windows x86

675003ddd0d93276b20a5d787f8a0ea2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlLengthRequiredSid
IoAllocateIrp
MmFreePagesFromMdl
IoAttachDeviceToDeviceStack
RtlEqualString
KeRemoveEntryDeviceQueue
RtlEqualUnicodeString
ProbeForRead
RtlInitUnicodeString
RtlDeleteNoSplay
ObGetObjectSecurity
RtlxAnsiStringToUnicodeSize
KeReadStateMutex
KeSetPriorityThread
RtlCharToInteger
RtlFillMemoryUlong
KeWaitForMultipleObjects
ExGetSharedWaiterCount
RtlCompareMemory
IoCreateStreamFileObjectLite
ZwCreateDirectoryObject
RtlInitString
KeInitializeDeviceQueue
MmIsDriverVerifying
RtlAppendStringToString
RtlUpperChar

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ