1432250785470cc49bc413a6d4dddd4cf5dedceb692850975237d547acaed6e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1432250785470cc49bc413a6d4dddd4cf5dedceb692850975237d547acaed6e6
Size

19KB
MD5

24e0c6e5a037f4fc0845295879d1ef3d
SHA1

3a37baa873f29ba1a6db67eef08d20246bdff1c3
SHA256

1432250785470cc49bc413a6d4dddd4cf5dedceb692850975237d547acaed6e6
SHA512

a5834e54657c4b5a1dda3a47e2007929f4986abeed163827c5b867b95532c2c33eb8f1df5439e8325189f0e41e1f719057d931f002a64295076e3ff40b70d2a5
SSDEEP

384:LfZX1mG/DPmO9k/10NMjw4j3DhXJPo7abvaUan7rwtRns/RjA9w6b8Qx:LxX1VDPmO9k/+Nv4j3DhK7MaUaXwbnMW

Score

N/A

Malware Config

Signatures

Files

1432250785470cc49bc413a6d4dddd4cf5dedceb692850975237d547acaed6e6
.exe windows x86

da29e542c8b61b76c717bd150e04ff5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsncmp
wcslen
towlower
tolower
atol
isxdigit
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
strstr
isupper
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwCreateFile
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strrchr
toupper
isdigit
islower
wcsstr
_strnicmp
srand
isprint
IoDeleteDevice
IoCreateSymbolicLink
ZwQueryInformationFile
strncmp
strncpy

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 960B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ