10f50802b8d124fcb96524b1316dfe126ea70420a6fa1b36c1a42cd6500f2451 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10f50802b8d124fcb96524b1316dfe126ea70420a6fa1b36c1a42cd6500f2451
Size

27KB
MD5

0e927e0c277843444ec0d0dcf81f3750
SHA1

c8c8a0d0645034b57d902d469d3694fff34335bf
SHA256

10f50802b8d124fcb96524b1316dfe126ea70420a6fa1b36c1a42cd6500f2451
SHA512

8760767d815902a80b1d65f528c6784f6ff57bbba6c282ad5cc51f1c972a628e32a4157c40b1b0327a65807073aedb241852158e193489b72aea06c16531f6a9
SSDEEP

768:gw6aW58pOT+dEektL+kNS3YjDaBfW+wT4IKGeVE29xuO2:T6aw8pQqEektLbiYjDewUIaiSY

Score

N/A

Malware Config

Signatures

Files

10f50802b8d124fcb96524b1316dfe126ea70420a6fa1b36c1a42cd6500f2451
.exe windows x86

2c416a362208b2f902ce2ba39964a698

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
wcslen
swprintf
wcscat
wcscpy
_strnicmp
_wcsnicmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
_stricmp
strncpy
_except_handler3
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
ObfDereferenceObject
_itow
ZwClose
ZwOpenKey
strncmp
IofCompleteRequest

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 914B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ