85db08be3ff0bc9d91c3fcebab460336b2402f45d889ca69059f43db5724a5ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85db08be3ff0bc9d91c3fcebab460336b2402f45d889ca69059f43db5724a5ed
Size

27KB
MD5

1803343ae57b2145dd9f30abc2dc3625
SHA1

71e7c4b05788cd7322150d20dd44de13adeb69f4
SHA256

85db08be3ff0bc9d91c3fcebab460336b2402f45d889ca69059f43db5724a5ed
SHA512

a7f600730c4549ac5113af8429d65d7a674b39c170fb466382651e7fe75c7c772332132f2a23a189d0d13ea0e579a20fa66065dfcac24e8621ee67aeb7ae81f6
SSDEEP

768:p3ydqwNOYS0d9RJbvh00fDEwmrEV56gCw+zeOvk:oqwYYS0b7h00Yne569w+Dvk

Score

N/A

Malware Config

Signatures

Files

85db08be3ff0bc9d91c3fcebab460336b2402f45d889ca69059f43db5724a5ed
.exe windows x86

a756e08c5b37cf76f9c4f95d2a227d0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
swprintf
RtlInitUnicodeString
_strnicmp
ObfDereferenceObject
strncmp
wcslen
wcscat
wcscpy
RtlCopyUnicodeString
strncpy
_stricmp
ZwClose
ZwOpenKey
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
_wcsnicmp

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ