9416563b9abbc500e7cade2338dff6de98fe3ef23006e40f0341a4bb6c204568 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9416563b9abbc500e7cade2338dff6de98fe3ef23006e40f0341a4bb6c204568
Size

13KB
MD5

b611dbd935c91df6b4bbf8afab5a1888
SHA1

2d0c68be3032bb62d91331ba921a703f92ddb78f
SHA256

9416563b9abbc500e7cade2338dff6de98fe3ef23006e40f0341a4bb6c204568
SHA512

b6a180526fa87d874e667bf2fb30cb21218b319d6926eb7861c39b525752f64fc7628dbf3ab1903ee6faed6277347d18ab9e5fb694b95ec549c59bbc969015d2
SSDEEP

192:WsloekjXsXJ+RBLL72DLKDL9yPJEY+QccccaoEOH3KT7YpkkmAHNM0b:ryH8sRBQKDLYJtjcccczEOHmsp/mAt7b

Score

N/A

Malware Config

Signatures

Files

9416563b9abbc500e7cade2338dff6de98fe3ef23006e40f0341a4bb6c204568
.exe windows x86

2bd2b75d86888bce3d1a38eb6799f5af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IofCompleteRequest
RtlInitUnicodeString
PsLookupProcessByProcessId
ZwClose
DbgPrint
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
MmUnmapViewOfSection
IoCreateFile

hal

KeGetCurrentIrql

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 744B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ