a28e377c1aa6472ca52e5112590b211b608f8586a90870bb22b1f744bf7c9081 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a28e377c1aa6472ca52e5112590b211b608f8586a90870bb22b1f744bf7c9081
Size

13KB
MD5

34962b8789be21eba224ec28ae28cbe7
SHA1

d0c9ead50dd56b6666c0906f0fe86e7be878a976
SHA256

a28e377c1aa6472ca52e5112590b211b608f8586a90870bb22b1f744bf7c9081
SHA512

ac8f1db4d95ff39d56e96cdeba6d09b7bf7a97df5e02b15ce3b42ae203a7a1c5f17764770bf9bd0dba768b42e52979cc9db02a4337ccbde66da06b31d6204938
SSDEEP

384:maCgoCJ6joVC+5OQt/ZopTeiEURWVX25aOIOSONoOh:uEMa1kzbShOOONo

Score

N/A

Malware Config

Signatures

Files

a28e377c1aa6472ca52e5112590b211b608f8586a90870bb22b1f744bf7c9081
.exe windows x86

b969e200a3c804953672576e7614e72c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
ZwLoadDriver
ZwClose
ZwWriteFile
ZwCreateFile
RtlInitUnicodeString
RtlWriteRegistryValue
_snwprintf
RtlQueryRegistryValues
rand

Sections

.text
Size: 992B - Virtual size: 962B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ