c4bc5fe4209c5a5a3d4087238a1b901d53c5bd8fdc5044f9e0fbde2253d67181 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4bc5fe4209c5a5a3d4087238a1b901d53c5bd8fdc5044f9e0fbde2253d67181
Size

378KB
MD5

91c5574b3d79d0f06d5917fe5dae0c3c
SHA1

186e8dfbeda62ba04c3009ec37799441eba6748a
SHA256

c4bc5fe4209c5a5a3d4087238a1b901d53c5bd8fdc5044f9e0fbde2253d67181
SHA512

1290ecc22b8b0f5265cb0eb15578f7e34dccae00b41cb5a1da83ea0efc796579c844a05bd893610386264bcc8e36ee931b49dff9b32fea02d210cf47cfba375e
SSDEEP

6144:ILpFWT3UVFms++k9kNIzk16ffkurOpbDIgFhXYWXMHJyUooBMpacpVnYrZVxWn6z:It23m5FQ2KJPcniWgdQsyDS

Score

N/A

Malware Config

Signatures

Files

c4bc5fe4209c5a5a3d4087238a1b901d53c5bd8fdc5044f9e0fbde2253d67181
.dll windows x86

74b17350f8a52940cd8577f130de3dc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
ZwQuerySymbolicLinkObject
PsLookupProcessByProcessId
KeCancelTimer
RtlInitString
RtlFreeAnsiString
KeInitializeTimerEx
FsRtlSplitLargeMcb
RtlCompareString
RtlEqualUnicodeString
KdDisableDebugger
ObReferenceObjectByPointer
IoGetAttachedDevice
ExReinitializeResourceLite
PsGetVersion
strncpy
RtlCreateUnicodeString
MmGetSystemRoutineAddress
MmSizeOfMdl
IoGetDeviceToVerify
RtlIntegerToUnicodeString
RtlEqualString
RtlInitUnicodeString
ZwClose
RtlInitAnsiString
ExDeleteNPagedLookasideList
ObGetObjectSecurity
RtlCharToInteger

Sections

.text
Size: 23KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ