942c78ce12c2874259c366c3ede79a4e2986b28066c8f0218c5bf06b61bfca45 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

942c78ce12c2874259c366c3ede79a4e2986b28066c8f0218c5bf06b61bfca45
Size

26KB
MD5

3b5d8be640fc3051542b3644a08eb1e4
SHA1

1892fdcacd94317ca0d10dfab18e5b5d25e3faa6
SHA256

942c78ce12c2874259c366c3ede79a4e2986b28066c8f0218c5bf06b61bfca45
SHA512

0124a2c30513afefe07d21e9c300eab44c8937236b87f85764592b5b35dc5a0dcdb35e42438a3e23f345d8a034e53e11769060fa4f8dfb387702e91cdbdfec1f
SSDEEP

768:7o/P+S9G4+kqVHmw6YF8nUTBN3+JeBNe5Sq5cSoFSs:+bQywPAUTBlYeBUQacSjs

Score

N/A

Malware Config

Signatures

Files

942c78ce12c2874259c366c3ede79a4e2986b28066c8f0218c5bf06b61bfca45
.exe windows x86

926687dd6b873e135e89be07ffbb3b47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwClose
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwCreateFile
IoRegisterDriverReinitialization
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
IofCompleteRequest
wcsstr
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsncmp
towlower

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ