bd13b45a6df0f6f63f9eb85e412940712a6fee39ac8f7e231af37b975a2fe941

General

Target

bd13b45a6df0f6f63f9eb85e412940712a6fee39ac8f7e231af37b975a2fe941
Size

29KB
MD5

44e2cd87d3cd5469e6c9a73052487735
SHA1

88f105a4ca21b23b0b9e237bf84ab1e29e56bfc4
SHA256

bd13b45a6df0f6f63f9eb85e412940712a6fee39ac8f7e231af37b975a2fe941
SHA512

de99a18916449b60c0d994f11a41b5a2419939fc3891bf7d7f599af9438cbac64033d7bafd759ccfb47a4c978f9506b762151a097e9fea4c3e10a04a59a482aa
SSDEEP

768:dxQK0HWA4bci5nedZIzScj666gpVmnRw:dxQVUci5edZI+c+Ew

Score

N/A

Malware Config

Signatures

Files

bd13b45a6df0f6f63f9eb85e412940712a6fee39ac8f7e231af37b975a2fe941
.exe windows x86

5c90e073fed085eb5a68486e5438a431

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
strcmp
PsLookupProcessByProcessId
wcsncpy
memset
ZwQueryValueKey
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
IofCompleteRequest
RtlAppendUnicodeStringToString
RtlUnicodeToMultiByteN
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 725B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c90e073fed085eb5a68486e5438a431

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 384B - Virtual size: 384B

.data Size: 768B - Virtual size: 725B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 916B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 384B - Virtual size: 384B

.data
Size: 768B - Virtual size: 725B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 916B