e7f41cc093116a30d5df666aae26c69813e13fe49ab694d87f1184da402d9bdf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e7f41cc093116a30d5df666aae26c69813e13fe49ab694d87f1184da402d9bdf
Size

10KB
MD5

b8a568a0ac215fd42a36622c483c7179
SHA1

73520a227c0e271be55466b54ba217ef4ff6046b
SHA256

e7f41cc093116a30d5df666aae26c69813e13fe49ab694d87f1184da402d9bdf
SHA512

6728c04985059be0f78cc3689b10075a7eeff551ed8012013017de18038664fbe1ed4ec0697b3d2970f9b7c2dd211e39560d5d6e4fcc1ae9a4012865695626a7
SSDEEP

192:ox7Hk+1jUSgh2ebaqK61p5L4mPmTdRM88ELbh2SviH:oJHkEgTGEp5L4mPmh688ELc5

Score

N/A

Malware Config

Signatures

Files

e7f41cc093116a30d5df666aae26c69813e13fe49ab694d87f1184da402d9bdf
.exe windows x86

bc27843f7953ac0db9944d004a76d462

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeServiceDescriptorTable
ZwDeviceIoControlFile
IofCompleteRequest
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoGetCurrentProcess
IoCreateSymbolicLink
IoCreateDevice
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
_snprintf
PsGetCurrentProcessId

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ