bd3ab3c6ab1b3990a6589ec84b9bb53072389eda4f32c0e7ff3664f54b5e2b9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd3ab3c6ab1b3990a6589ec84b9bb53072389eda4f32c0e7ff3664f54b5e2b9a
Size

6KB
MD5

48a5d33ab2d5dfac3539b808d0968690
SHA1

f0a9f82822983e0d19d46a3763c9b27f749aa0e6
SHA256

bd3ab3c6ab1b3990a6589ec84b9bb53072389eda4f32c0e7ff3664f54b5e2b9a
SHA512

26f3bdbb655c0f939309371ac1688297aa530c006f0ebaced3678e5e8fb3fe0d2a09ef3678978e2206da5bfccfd8876a3cc5dd07e8ab26e8254149c58d847249
SSDEEP

96:MpzkcD9mdIJQC3ZzFP+xJiVG1nFDidiqy2yOYdFgxFKFaTL7+yXcApxppVSz:Mt59mwQaV+DzRhi9y3/zgSC+exH

Score

N/A

Malware Config

Signatures

Files

bd3ab3c6ab1b3990a6589ec84b9bb53072389eda4f32c0e7ff3664f54b5e2b9a
.dll windows x86

e610606a11a87777a4b7b6452a47757a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
PsCreateSystemThread
RtlDeleteRegistryValue
RtlWriteRegistryValue
RtlCreateRegistryKey
ZwWriteFile
ExFreePoolWithTag
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlRandom
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlGetVersion
PsTerminateSystemThread
ZwLoadDriver
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
KeDelayExecutionThread

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 568B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ