9ab5786004f94086fe09cdd211db1db944d097a8216f5a01e5758cbc6041c1d5 | Triage

Submit
Reports

Overview

overview

6

Static

static

9ab5786004...d5.dll

windows7-x64

6

9ab5786004...d5.dll

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

9ab5786004f94086fe09cdd211db1db944d097a8216f5a01e5758cbc6041c1d5.dll

Resource

win7-20220812-en

bootkit discovery persistence

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ab5786004f94086fe09cdd211db1db944d097a8216f5a01e5758cbc6041c1d5.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

9ab5786004f94086fe09cdd211db1db944d097a8216f5a01e5758cbc6041c1d5
Size

64KB
MD5

15f8f6fb4d593d55ff7c511414eec3d8
SHA1

7ebc65ed002ca7274c0b16fadc5193362edd6f81
SHA256

9ab5786004f94086fe09cdd211db1db944d097a8216f5a01e5758cbc6041c1d5
SHA512

1a0e8d2ae4a5504d772db88720f618e88c3ce95c41a670119971139cfd69a44335cac436c454c12e1e4c8c7fd6d402fd5717d29ccaf9d0204231bbb9802cb29c
SSDEEP

768:hS5w5goJmB0pIYX1xePKmrIB41QkkOdHah8uTT0sCFY9ir8gnn:hS6RJmB0pIY0KmR1QSahOXFuY

Score

N/A

Malware Config

Signatures

Files

9ab5786004f94086fe09cdd211db1db944d097a8216f5a01e5758cbc6041c1d5
.dll windows x86

458bff1331382dd6c181ffd6877ebe19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapDestroy
GetProcessHeap
HeapFree
IsBadStringPtrA
Beep
HeapReAlloc
HeapAlloc

rpcrt4

NdrServerCall2
RpcStringFreeW
RpcServerInqBindings
RpcServerUseProtseqW
RpcAsyncCompleteCall
NdrAsyncServerCall
UuidFromStringW
RpcRevertToSelfEx

crypt32

CryptUnprotectData
CryptProtectData

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1B

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy