ca97ac36642e7d7a9ceeb49dc8bda90aff2887ca8b573e10153cf2fe087994c4

General

Target

ca97ac36642e7d7a9ceeb49dc8bda90aff2887ca8b573e10153cf2fe087994c4
Size

15KB
MD5

3e8b38084a9152fb5808655c79df04c8
SHA1

e27f78f549a481f3f58943237f56ec75ae31f8c4
SHA256

ca97ac36642e7d7a9ceeb49dc8bda90aff2887ca8b573e10153cf2fe087994c4
SHA512

d500610345984147b8f6987764d5b0939e4c2583d6360d84978ceabaf5f8476f54fe0c780861718dd29070b9b382c4a68007a2dfff39e18ebf2f12659b0a098c
SSDEEP

384:EVumim+H1505WLSTv2LfdWIOCSvAmE7rAVzo+eiLm+k9:QuKw15mwSKLVWfCSviHkzo+96+A

Score

N/A

Malware Config

Signatures

Files

ca97ac36642e7d7a9ceeb49dc8bda90aff2887ca8b573e10153cf2fe087994c4
.exe windows x86

b5668d7dd09c2f459dd37934839ad0ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsSetCreateProcessNotifyRoutine
isprint
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsGetVersion
atoi
DbgPrint
strchr
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
_wcslwr
wcsncpy
isupper
atol
strstr
swprintf
srand
KeDelayExecutionThread
ZwCreateKey
wcslen
islower
isdigit
wcscat
wcscpy
tolower
strncmp
IoGetCurrentProcess
_wcsnicmp
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
isxdigit
toupper
isspace
strrchr
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
IoRegisterDriverReinitialization

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5668d7dd09c2f459dd37934839ad0ad

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 832B - Virtual size: 828B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 832B - Virtual size: 828B