a5defa8ea1ae1416ad9fc04109f6fa6c0e1b64e4be712343f7142cf7389ac9ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5defa8ea1ae1416ad9fc04109f6fa6c0e1b64e4be712343f7142cf7389ac9ea
Size

43KB
MD5

5fd1d110ab9dbd2826177293b93908b9
SHA1

beeb4ef6d351d1207b110643440599e74f0d2ad6
SHA256

a5defa8ea1ae1416ad9fc04109f6fa6c0e1b64e4be712343f7142cf7389ac9ea
SHA512

eb5ee30b38bd10d76f54e8de60f0bb059abe2fe056408cbf146c5698e96b0f5824ee7bde3799618ba6e3ca2ffab23b8eb617280418f578218657adb342f28b1b
SSDEEP

768:0Ck5z96fhTDTdRTQMOVGA1YVk1iSTMqLCnYl5tiA3uUO+1+taT:S0TdRlj1VoiEpLC5UO+X

Score

N/A

Malware Config

Signatures

Files

a5defa8ea1ae1416ad9fc04109f6fa6c0e1b64e4be712343f7142cf7389ac9ea
.dll windows x86

e62c3e9d5b00836d31194f741202d69b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitString
ExFreePool
RtlFindUnicodePrefix
RtlCompareString
SeDeassignSecurity
RtlFindSetBits
KeReadStateSemaphore
SeTokenIsRestricted
ZwCreateSection
ExRaiseAccessViolation
MmPageEntireDriver
IoQueueWorkItem
IoAllocateController
PsGetVersion
SeTokenIsAdmin
KeSetTimer
CcFastMdlReadWait
RtlLengthSecurityDescriptor
RtlEqualString
KdEnableDebugger
IoDeleteDevice
IoCheckShareAccess

Exports

Exports

?vpzPwxkaqaffggZ@@YGPAGG@Z
?rjMZvAtS@@YGN_N@Z
?tQqvuIMtpra@@YGFK@Z
?kHcnRPx@@YGPAGPAF@Z

Sections

.text
Size: 18KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ