c6463995a19cea0cf5b9cece96cedafcafc7b8baefe5fa033981dff9c201a3f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6463995a19cea0cf5b9cece96cedafcafc7b8baefe5fa033981dff9c201a3f2
Size

25KB
MD5

947444208da2a6a2f7189a0dc7efc42c
SHA1

ab9b4cb5d9f93f55322207ca8d2eaa0b9eb5cf86
SHA256

c6463995a19cea0cf5b9cece96cedafcafc7b8baefe5fa033981dff9c201a3f2
SHA512

b19898c7a7ff00a0ef169d373d2460d8d45bafdef5851ea60a29b1e14f53858835c20ac7e88ed9820fd7dde2e8802e5cd8975774a5afda6bdf12a9048ffd0cb4
SSDEEP

384:EhwbNdqKUMr3P7y1WPcSx3VgGweTvxaW26JQPgRA7wbkM3CkM6M:t5k7oDyQRx32GweTvNJQPaj4uM6

Score

N/A

Malware Config

Signatures

Files

c6463995a19cea0cf5b9cece96cedafcafc7b8baefe5fa033981dff9c201a3f2
.exe windows x86

85934f39a91a9d01f015d8810f0bd429

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
swprintf
RtlInitUnicodeString
_strnicmp
strncpy
RtlCompareUnicodeString
ExGetPreviousMode
wcscpy
_except_handler3
MmIsAddressValid
ObfDereferenceObject
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
_stricmp
strncmp
IofCompleteRequest
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
_wcsnicmp

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ