bd0218728382ad4b51d79e8db9ece2357d09f9fbaf992b00a55806a4e3452c8b

General

Target

bd0218728382ad4b51d79e8db9ece2357d09f9fbaf992b00a55806a4e3452c8b
Size

19KB
MD5

39c2dd6f8b7863cf6c07fff4fa57a6a4
SHA1

e027e66c7bdfff9d56a6e35e31d142e2107605cb
SHA256

bd0218728382ad4b51d79e8db9ece2357d09f9fbaf992b00a55806a4e3452c8b
SHA512

b9e0096bb53c66cf8a223a1a952425f41c3ee029b69cb2fecff860b7081ced35dea6211fd4b736ca17a048d61eabb59a619a9f189bd26d8f6e549fd21cd37af3
SSDEEP

384:UGMuRfRyhXk3JVFvgzYtQtmf7GSrDfHC9Nuj+j51/y:UKRfYXk33Fvg0tQtmf7GOgd

Score

N/A

Malware Config

Signatures

Files

bd0218728382ad4b51d79e8db9ece2357d09f9fbaf992b00a55806a4e3452c8b
.exe windows x86

8878a1e11d2115a5db63ba68a3f02a13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isprint
strchr
tolower
isupper
isdigit
toupper
srand
atoi
isxdigit
isspace
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
islower
strstr
_wcslwr
wcsncpy
PsGetVersion
atol
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strrchr
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
ZwCreateKey
wcscat
wcscpy

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8878a1e11d2115a5db63ba68a3f02a13

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 864B - Virtual size: 856B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 864B - Virtual size: 856B