9faf499dd8fcf7ad3253332ff9d968ef6b68c48e570921e3b2b1824c2b31f085 | Triage

Submit
Reports

Overview

overview

1

Static

static

9faf499dd8...85.exe

windows7-x64

9faf499dd8...85.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

9faf499dd8fcf7ad3253332ff9d968ef6b68c48e570921e3b2b1824c2b31f085.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

9faf499dd8fcf7ad3253332ff9d968ef6b68c48e570921e3b2b1824c2b31f085.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

9faf499dd8fcf7ad3253332ff9d968ef6b68c48e570921e3b2b1824c2b31f085
Size

22KB
MD5

3e592d72f5c2eb6c3f43a3470e6c27a0
SHA1

5962d24206958eedd70f09663d716f339a93c25f
SHA256

9faf499dd8fcf7ad3253332ff9d968ef6b68c48e570921e3b2b1824c2b31f085
SHA512

6d813b2fb476fe499db78af9fa68b7aca5d11ddb48cbfcc4c2c484073fa1285a47524c7f012dd11673147675d04facdc6ad2804bd83710868de4b59a42b3e589
SSDEEP

384:W22j8wVu0nmEtWnBVr5/g2xyjAO6WqM18/+P58N:WPyEtyrF/MjADM++P58N

Score

N/A

Malware Config

Signatures

Files

9faf499dd8fcf7ad3253332ff9d968ef6b68c48e570921e3b2b1824c2b31f085
.exe windows x86

8aacbebb48741583b9cc1b040ae1bbb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
strcmp
PsLookupProcessByProcessId
PsTerminateSystemThread
KeDelayExecutionThread
ZwClose
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
PsLookupThreadByThreadId
wcscmp
memcpy
KeUnstackDetachProcess
KeStackAttachProcess
ZwAllocateVirtualMemory
ZwOpenProcess
KeInsertQueueApc
KeInitializeApc
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
NtBuildNumber
IofCompleteRequest
MmIsAddressValid
KeBugCheckEx
ObReferenceObjectByName
IoDriverObjectType
MmGetSystemRoutineAddress

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy