50abc1a2085e8fad6ac461016936576dce20cf3b1ffc2c83bbada6cd5be5a9cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50abc1a2085e8fad6ac461016936576dce20cf3b1ffc2c83bbada6cd5be5a9cf
Size

81KB
MD5

0d9c798e87c01cfefdedea171daf2959
SHA1

6d0131ede3e0b99778e262ce79d0fa4839297635
SHA256

50abc1a2085e8fad6ac461016936576dce20cf3b1ffc2c83bbada6cd5be5a9cf
SHA512

0cb8c0eff66884ec420faa67d5b6499f8c7705e31214489c0aca7882851cb712d787b799494aedfe14f29c312cc2c252131fa95462a6d36a197a8e7f80d7ff59
SSDEEP

1536:YsjkyJRtFNNTZVjbi8Nx6BpH+KlUY7XIo6B45gwbEREXjt:YYkyJRtdTZVjblcHBlUYjIox5toRAt

Score

N/A

Malware Config

Signatures

Files

50abc1a2085e8fad6ac461016936576dce20cf3b1ffc2c83bbada6cd5be5a9cf
.dll windows x86

f18401468686a306708f96ca1a537a7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsDereferencePrimaryToken
RtlInitString
RtlCompareString
IoUpdateShareAccess
KeInitializeTimerEx
ExIsProcessorFeaturePresent
KeSetKernelStackSwapEnable
PoUnregisterSystemState
SeTokenIsRestricted
RtlFreeAnsiString
RtlInitUnicodeString
RtlEqualSid
ExNotifyCallback
RtlCharToInteger
CcSetBcbOwnerPointer
FsRtlCheckLockForReadAccess
RtlEqualString
IoCreateFile
strncpy
MmUnmapIoSpace
RtlIntegerToUnicodeString
CcZeroData
RtlEqualUnicodeString
KeSetTargetProcessorDpc
IoGetDriverObjectExtension
ZwFsControlFile
KeCancelTimer
KeInitializeSemaphore

Sections

.text
Size: 24KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ