5196396b1181354f4c7e1cdd7c8ed6c567da7600c3eb271844d932668af07dcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5196396b1181354f4c7e1cdd7c8ed6c567da7600c3eb271844d932668af07dcd
Size

24KB
MD5

3e5c744145575d14e1e39d479e8a31e0
SHA1

ecd1e2af93f9103007f463a85476d383ca7c241e
SHA256

5196396b1181354f4c7e1cdd7c8ed6c567da7600c3eb271844d932668af07dcd
SHA512

b930eb97124a2bc98f478c1d3568a4e390fc506e9a30e6fbb4d90c8f923a841fc3f9ad2b270dfec6e4b10b02b5ed450ca6c94204a6346607d7393677aee8c74a
SSDEEP

768:EzOda8Ej+RjssnLJ0LHTKIKv01MDS7hgn8A:hdaoHOTKnM2DC+8A

Score

N/A

Malware Config

Signatures

Files

5196396b1181354f4c7e1cdd7c8ed6c567da7600c3eb271844d932668af07dcd
.exe windows x86

5ff4c279d2b53f184b7dfddb11634e73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ObfDereferenceObject
ObQueryNameString
ZwClose
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_strnicmp
MmIsAddressValid
strncpy
IoGetCurrentProcess
swprintf
wcscpy
_except_handler3
wcslen
RtlCopyUnicodeString
KeServiceDescriptorTable
wcscat
IofCompleteRequest
_stricmp
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_wcsnicmp
ExFreePool
ExAllocatePoolWithTag
_snprintf
ZwQuerySystemInformation
ZwUnmapViewOfSection
strncmp
RtlCompareUnicodeString

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 736B - Virtual size: 732B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ