dbdf9e826f14df3dfd0e7a53164f6dfe1212ce8b6901829a145d19bcf05bd4d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbdf9e826f14df3dfd0e7a53164f6dfe1212ce8b6901829a145d19bcf05bd4d5
Size

20KB
MD5

4f453c3015034dd22eb1d492d36bfa0e
SHA1

d8e26d2438a6fabd8cdea3a32f509334c39c2edf
SHA256

dbdf9e826f14df3dfd0e7a53164f6dfe1212ce8b6901829a145d19bcf05bd4d5
SHA512

200aff256eeebc2bfffe793e955f86174683bd6237eed93232914a68dc581dc0b7a83339a5e3ac56899b31dcd5552d70f5910ff93e37f942dbe97fd38dec119b
SSDEEP

192:AQpSaUwQuC4MjHb0lQnUVgeQR1Zj1qxPTWEeYkdJw7Zkuoku4oa4In9xOI:ZUDufMH0lQUVgTRbiPqEeYkdLXIbO

Score

N/A

Malware Config

Signatures

Files

dbdf9e826f14df3dfd0e7a53164f6dfe1212ce8b6901829a145d19bcf05bd4d5
.exe windows x86

af586330173dde6bba0e89bcae33d261

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strlen
ZwClose
ExFreePool
ZwWriteFile
strcat
memset
ExAllocatePoolWithTag
ZwCreateFile
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
_except_handler3
RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
_snwprintf
ZwEnumerateKey
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
memcpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
PsGetVersion
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
isprint

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 988B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ