da886dccc94eef154a1c721b2d44cd9b14b7d658d318efd1cae10b84cb93239e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da886dccc94eef154a1c721b2d44cd9b14b7d658d318efd1cae10b84cb93239e
Size

51KB
MD5

91e90bb82cb1c7f8f0b1aaf9be091216
SHA1

3d551825b77b6fe909b620873679237c011b0cb0
SHA256

da886dccc94eef154a1c721b2d44cd9b14b7d658d318efd1cae10b84cb93239e
SHA512

1adf7b197971191c6a8a428102fa6cc3fc5d5c0a9d5e22e4c9c6382608071c83f72de78049eb7a3d48447c3335d24c25a810a047cfc66e1aaa28206172551915
SSDEEP

1536:WniebVOZyS8I69fiqWsVKrjqweH1lHVOll:WniebVO0gEeYW2PlCl

Score

N/A

Malware Config

Signatures

Files

da886dccc94eef154a1c721b2d44cd9b14b7d658d318efd1cae10b84cb93239e
.dll windows x86

64ef21671069205c09c5f79b665ca2b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeUnstackDetachProcess
IoAllocateIrp
ZwCreateKey
ZwQuerySymbolicLinkObject
MmBuildMdlForNonPagedPool
RtlIntegerToUnicodeString
RtlCompareString
PoRegisterSystemState
SeCaptureSubjectContext
KeInitializeSpinLock
RtlEqualString
ZwFlushKey
RtlClearBits
RtlFindClearBits
RtlDeleteRegistryValue
RtlCharToInteger
IoInvalidateDeviceState
RtlEqualUnicodeString
ExLocalTimeToSystemTime
SeImpersonateClientEx
RtlInitString
RtlCompareMemory
CcSetBcbOwnerPointer
RtlInitUnicodeString
ExFreePoolWithTag
ExGetPreviousMode

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ