73ab4c31b7aaa160dbfb1638f4a8a57799a410c512e45270c6dc0d00a2bbff56 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73ab4c31b7aaa160dbfb1638f4a8a57799a410c512e45270c6dc0d00a2bbff56
Size

23KB
MD5

a5bcca20362afaaf13d6d99242e06603
SHA1

7779c6732d522e7444b25eb8e82646588c3e7dcd
SHA256

73ab4c31b7aaa160dbfb1638f4a8a57799a410c512e45270c6dc0d00a2bbff56
SHA512

d727ce7d518a87f19965726ff68a341cbd874e9365618638861843faee8d13c887d62a178cb7d3e62a565a7b2e83cf7212ffa3901db11546f3c3daf0c9eca6c1
SSDEEP

384:W4HU3tdjLKEAIpXe7aXZeG3JaB9xzF3PbqvprwGKGQ0Rrcapw2:iTOEVpXiaX15CbqRrXNjRw

Score

N/A

Malware Config

Signatures

Files

73ab4c31b7aaa160dbfb1638f4a8a57799a410c512e45270c6dc0d00a2bbff56
.exe windows x86

1dc6fab3e13a4b63ac43de3deecb5743

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
PsGetVersion
_wcslwr
wcsncpy
swprintf
ZwUnmapViewOfSection
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateKey
IoRegisterDriverReinitialization

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 608B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ