8ede692af3268b3ad61ccf8916bb36bb78376612601b7a1f134603798ab2d459 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ede692af3268b3ad61ccf8916bb36bb78376612601b7a1f134603798ab2d459
Size

61KB
MD5

0ec4e28eed3d2bf3d9ac48c9e6a333db
SHA1

70c0ff3bf09040372b233538cf226f42b2f69f16
SHA256

8ede692af3268b3ad61ccf8916bb36bb78376612601b7a1f134603798ab2d459
SHA512

a1845eb802d489124990bec778cfe9e4ff9594ac5c10c13903b29d0d347ea7843970244d69b989fa17f9c132232d73eba21bf8f18cb604063b41d9892cba361f
SSDEEP

1536:1PMaDN1Lp1r0xRgQ3jLNtEtrDmMDPiokLwzYVmcsdR:1PFN9HrCRgiCDmMDPnIYYVmcsdR

Score

N/A

Malware Config

Signatures

Files

8ede692af3268b3ad61ccf8916bb36bb78376612601b7a1f134603798ab2d459
.dll windows x86

ab6a8d39cfc3cceef5a38efeb43187df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeCancelTimer
RtlUpcaseUnicodeToOemN
ZwAllocateVirtualMemory
SeDeassignSecurity
IoInitializeIrp
ExGetExclusiveWaiterCount
RtlGetNextRange
KeReadStateTimer
IoRegisterDeviceInterface
RtlCharToInteger
ZwFlushKey
KePulseEvent
RtlCompareString
KeRemoveQueueDpc
strncpy
ExReleaseResourceLite
RtlCheckRegistryKey
FsRtlCheckOplock
RtlEqualUnicodeString
RtlRemoveUnicodePrefix
RtlInitUnicodeString
RtlIntegerToUnicodeString
KeInitializeTimerEx
RtlEqualString
RtlInitString
RtlUpperChar
ZwDeviceIoControlFile
ZwDeleteKey
FsRtlFreeFileLock

Sections

.text
Size: 25KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ