836f02aeb465d8f586944ac3cda62a5d3b9f396a9c8d7a9e35165b795c9e7292 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

836f02aeb465d8f586944ac3cda62a5d3b9f396a9c8d7a9e35165b795c9e7292
Size

6KB
MD5

398ec8d055eec39f245894c8bbaf3ce0
SHA1

084485d562b9b4bbac57e5755b597c2accd9dfea
SHA256

836f02aeb465d8f586944ac3cda62a5d3b9f396a9c8d7a9e35165b795c9e7292
SHA512

681c34439837124bb0f61c8843462ba3474ccd99bc6404fe93b9e503d7bf790ae9a2b6154bcc6aebe3b76b39f5fc97ca8f67374662f2cc98392db25dd17d5cfd
SSDEEP

96:2xvc2n7G3QHYbHFPkJo1nbDidIcI2yOYLEKFaTjNyGcApxppVSz:2J7iQ42oRvi9I3/LH0txH

Score

N/A

Malware Config

Signatures

Files

836f02aeb465d8f586944ac3cda62a5d3b9f396a9c8d7a9e35165b795c9e7292
.dll windows x86

e610606a11a87777a4b7b6452a47757a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
PsCreateSystemThread
RtlDeleteRegistryValue
RtlWriteRegistryValue
RtlCreateRegistryKey
ZwWriteFile
ExFreePoolWithTag
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlRandom
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlGetVersion
PsTerminateSystemThread
ZwLoadDriver
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
KeDelayExecutionThread

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 568B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ