feb925c744cfee41962a39524029ab1f656c0d42e32728ae962936d40beb105e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

feb925c744cfee41962a39524029ab1f656c0d42e32728ae962936d40beb105e
Size

28KB
MD5

0d2082f32c555c1c8607250e57b47090
SHA1

d74627262b01aeb6bef503acb79756d217153c90
SHA256

feb925c744cfee41962a39524029ab1f656c0d42e32728ae962936d40beb105e
SHA512

8b63943e932dd673aafbb45ee66b80e35f148ad42aceda59f75816f6e09bac65e99854ef27202afa37373674a6ca59a08f0520be7f056c6cf6b8fb0428e33bfe
SSDEEP

384:nuePpzDIiNsLDYLkTRy8CopT8jBxDrglvlYFZ+vMN9Tv9rmbYgNFyONPHSF:nuyPnsLD8QAopwzslq3+vCTvd5gNF/e

Score

N/A

Malware Config

Signatures

Files

feb925c744cfee41962a39524029ab1f656c0d42e32728ae962936d40beb105e
.exe windows x86

989765f2b547c45834644e7827a92446

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlCopyUnicodeString
wcslen
wcscpy
wcscat
swprintf
strncmp
IoGetCurrentProcess
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
ObfDereferenceObject
ObQueryNameString
ExFreePool
ExAllocatePoolWithTag
strncpy
_except_handler3
IofCompleteRequest
_strnicmp
_wcsnicmp
_stricmp
RtlCompareUnicodeString
_snprintf
ZwQuerySystemInformation

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 704B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ