540d00a496df5fb33ddef26a75dc39e4070905e0902cb95efcd107f29882f667 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

540d00a496df5fb33ddef26a75dc39e4070905e0902cb95efcd107f29882f667
Size

41KB
MD5

29988d27448f7a703a8fcb7a5bef6090
SHA1

fe78e1dbb240fed75c1dff38e093cd8d59eb31f6
SHA256

540d00a496df5fb33ddef26a75dc39e4070905e0902cb95efcd107f29882f667
SHA512

1ad9f542f3ef9f10771615a55345bdf821c5754fb24ac5cb0306d6b9538d9d2170aad90db3c03269662ae1dc84f5b0d41d8c45f3cac8e74667363beaa63d4295
SSDEEP

768:9cQ5FtepPwBv28g3ekuD2mviQvmIkfxF6lyoz0LkM1n0:9x5bepP2jxkw2YvmIMkyoC0

Score

N/A

Malware Config

Signatures

Files

540d00a496df5fb33ddef26a75dc39e4070905e0902cb95efcd107f29882f667
.exe windows x86

23a9989ca96195d9c9f09a4d9008aab6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsNonPagedSystemAddressValid
ExAllocatePoolWithTag
wcsncmp
MmMapLockedPagesSpecifyCache
MmGetSystemRoutineAddress
RtlInitAnsiString
RtlAnsiStringToUnicodeString
_allmul

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ