de9df7a175de9ded0644b9112efff3e4c14d773a938cde83af0c56a3eba7e6e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de9df7a175de9ded0644b9112efff3e4c14d773a938cde83af0c56a3eba7e6e0
Size

3KB
MD5

2f9479cdfa6e5e24664e28d85643439f
SHA1

6bfa191477d0b6b90bc9ebb265e8f11aefef7724
SHA256

de9df7a175de9ded0644b9112efff3e4c14d773a938cde83af0c56a3eba7e6e0
SHA512

8e578db3baa7e68998c99e163662f6af44dd1c9be08184884edf39bd706c38fa57f435d3ebb2035e611fc78d9ed915c52d17c8d91aff0b4b420c3b7f92e52a4a

Score

N/A

Malware Config

Signatures

Files

de9df7a175de9ded0644b9112efff3e4c14d773a938cde83af0c56a3eba7e6e0
.exe windows x86

c25f0391c943e92e9beab16f23e96a94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

kernel32

CloseHandle
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
MoveFileExA
OpenProcess
Process32First
Process32Next
TerminateProcess
VirtualAlloc
VirtualFree
lstrcmpiA
lstrlenW

user32

CharUpperW

Sections

.text
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE