800d4536556f324c9705f346a9855c81a17deb84bf0854443110186f896fb4f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

800d4536556f324c9705f346a9855c81a17deb84bf0854443110186f896fb4f2
Size

43KB
MD5

86c3d4673470281c892af6c71d87e142
SHA1

3d742f8723bf473e8c3ec830e652b6bff480e0f0
SHA256

800d4536556f324c9705f346a9855c81a17deb84bf0854443110186f896fb4f2
SHA512

5ede4510ec6e48b58101ef0b27117b397627eb35e62263b76c014b52c443caaaa69a121f03440653ac6087ac1c1037dc7710b1d22ea2e47e103525826838ee87
SSDEEP

768:gX7MGH5pDCissGwqEhoI0MOVGAVUiTaR+r+THqYln19EQ3uUO+1+taTfEcY:grMGH5BCicFYljkTa+OqWkUO+Xo

Score

N/A

Malware Config

Signatures

Files

800d4536556f324c9705f346a9855c81a17deb84bf0854443110186f896fb4f2
.dll windows x86

ea71e95a3b662787bf71427b9cf0ff35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExUuidCreate
RtlFreeAnsiString
KeInsertDeviceQueue
ZwQueryKey
RtlCompareString
KeSetEvent
ObReferenceObjectByPointer
SeAccessCheck
MmGetPhysicalAddress
SeCreateClientSecurity
IoBuildSynchronousFsdRequest
ExInitializeResourceLite
RtlInitString
KeStackAttachProcess
RtlUnicodeStringToInteger
RtlEqualString
IoCancelIrp
ZwEnumerateKey
RtlEnumerateGenericTable
ZwEnumerateValueKey
KeInitializeDeviceQueue
IoFreeWorkItem
MmUnmapIoSpace
RtlLengthSecurityDescriptor
KeRemoveDeviceQueue

Exports

Exports

?odfkXpzEijUzaU@@YGNPAF@Z
?lgcgsdcabwApeehmKLoDu@@YGDPA_N@Z
?bagGyYkikFzwSh@@YGPAKMF@Z

Sections

.text
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ