1892e63c6eb7c4bac51ef580189c9f3d1340d438bfe254ac850d121eda1c8516 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1892e63c6eb7c4bac51ef580189c9f3d1340d438bfe254ac850d121eda1c8516
Size

114KB
MD5

386a9d1adebd2c3dc4216b5cb2c6aa88
SHA1

f90a2d4ea53e8e606a1885deff4f45004c18821f
SHA256

1892e63c6eb7c4bac51ef580189c9f3d1340d438bfe254ac850d121eda1c8516
SHA512

d2317b73d84ed24e005982adfb455f1c20d2fe3ad1c6e67d58f3f1ff890529dc1a2fc331d27cf24fcc1d12be7f66c762b81181d0206b2faa8e8a3e1c39b9e2b7
SSDEEP

768:ivb5k6wTnbAKN85Jw/6Df95oHLKDHb61uUHSXUEMdP5M:izWn8a85E6r9F61uUHmUL9y

Score

N/A

Malware Config

Signatures

Files

1892e63c6eb7c4bac51ef580189c9f3d1340d438bfe254ac850d121eda1c8516
.exe windows x86

b3dc880222aab42e2f3fa2a52aa04032

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncpy
IoGetCurrentProcess
ExAllocatePoolWithTag
_stricmp
wcslen
ExFreePool
_wcsicmp
_except_handler3
RtlCompareUnicodeString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ProbeForRead
IofCompleteRequest
strncmp
ZwQueryDirectoryFile
ZwQuerySystemInformation
InterlockedExchange
ZwEnumerateValueKey
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 758B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ