4588c5fa8a4601996b8f8e3447e0c0ba2526293db20f5ad6fd5430859ff3f69d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4588c5fa8a4601996b8f8e3447e0c0ba2526293db20f5ad6fd5430859ff3f69d
Size

28KB
MD5

0e541079f1801db5a1c25a79329c6140
SHA1

fe5fe4e3e53464753fc3a5b105da1ea3d16376f5
SHA256

4588c5fa8a4601996b8f8e3447e0c0ba2526293db20f5ad6fd5430859ff3f69d
SHA512

b3f6e2ea2c1aad1c261a41e227f07dfac2a0c99b919addf516bc7ae296aa6634c16bb74bd3c3d11b9d6b6ffc74f159ffd4cb63bae879ef7b680094aaebd97491
SSDEEP

768:pEalpLe7S1/H9Z+Q1TYC7hw1ib3IX5q+nIaqstVuOBUw/Te:ppLeGB9ZHlYC7hb3H+IazVuOBUw

Score

N/A

Malware Config

Signatures

Files

4588c5fa8a4601996b8f8e3447e0c0ba2526293db20f5ad6fd5430859ff3f69d
.exe windows x86

b4ef07979b80b803043d90ad9800e764

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcscat
wcscpy
_itow
ZwClose
RtlInitUnicodeString
ZwOpenKey
RtlCopyUnicodeString
_strnicmp
MmGetSystemRoutineAddress
wcslen
strncmp
_stricmp
strncpy
_except_handler3
RtlAnsiStringToUnicodeString
ObfDereferenceObject
swprintf
ExFreePool
_snprintf
ExAllocatePoolWithTag
IofCompleteRequest
_wcsnicmp

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 910B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ