1ed1d3d8d060ff752d72161524a78fe8ad1a00d2da34cd1a7ad99802ea08850c

General

Target

1ed1d3d8d060ff752d72161524a78fe8ad1a00d2da34cd1a7ad99802ea08850c
Size

40KB
MD5

c81d011bee48f273ef2a88756d9cd8f3
SHA1

63b4d95676a1112b6ba544ad1533127fa577f1db
SHA256

1ed1d3d8d060ff752d72161524a78fe8ad1a00d2da34cd1a7ad99802ea08850c
SHA512

c5a52831f31cb91799b4a8719bdd73ac853a2710db6dda2185f9e0829a5e502ab34efb26d9e4f10d81c46e399a1e8e14dc7c187dff43640af727f62968796d6c
SSDEEP

384:quW3KTAhtUXObXtujncxl3R9bohfeBBRPkjA7C18EPPoQmuPZI+2o6UnTjMeM4dF:qzqO5pfbohWtPkj8EPPoQ/PK+2bsjM4

Score

N/A

Malware Config

Signatures

Files

1ed1d3d8d060ff752d72161524a78fe8ad1a00d2da34cd1a7ad99802ea08850c
.dll windows x86

c797ef603bfd7a665037ac0c34f4553f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeReleaseSemaphore
RtlFindClearBits
PsTerminateSystemThread
RtlStringFromGUID
IoReportResourceForDetection
RtlCompareUnicodeString
FsRtlFreeFileLock
ZwDeviceIoControlFile
RtlInitializeGenericTable
KeInsertQueueDpc
IoReportDetectedDevice
ZwFreeVirtualMemory
ZwMapViewOfSection
PsGetVersion
ExRaiseStatus
ObCreateObject
ExAcquireFastMutexUnsafe
RtlMultiByteToUnicodeN
RtlInitString
KeReleaseMutex
KeDeregisterBugCheckCallback
KeInitializeSpinLock
RtlFreeAnsiString
KeBugCheck
ZwOpenProcess
IoGetAttachedDevice
RtlLengthSecurityDescriptor
RtlWriteRegistryValue

Exports

Exports

?zfGLdipJcTdfhfsm@@YGEHPAM@Z
?IaolRfgPmyxuscif@@YGPAXJN@Z
?QtldFvXkFwcdYnfol@@YGJF@Z
?eYdbPbjbkSuuxyok@@YGMH@Z
?afdofmEdaEeQ@@YGDM@Z
?eKCIViLpCgdjfxsri@@YGPAKPAEPAE@Z
?XetpuqkeqnEay@@YGPAGPAIPA_N@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c797ef603bfd7a665037ac0c34f4553f

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 325B

.data Size: 2KB - Virtual size: 22KB

INIT Size: 9KB - Virtual size: 9KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 325B

.data
Size: 2KB - Virtual size: 22KB

INIT
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1KB - Virtual size: 1KB