2f1326243eccee8f21fcd02ba04f66a12a341676a0190892369ca0f0c48bb5d1

General

Target

2f1326243eccee8f21fcd02ba04f66a12a341676a0190892369ca0f0c48bb5d1
Size

32KB
MD5

5fa2b9de23aa6e64c771ba279e173150
SHA1

e063dd1d004413beff4ad055b18f5a2a20a0e479
SHA256

2f1326243eccee8f21fcd02ba04f66a12a341676a0190892369ca0f0c48bb5d1
SHA512

6b5a7e5d5d3e7df1e036a26af7ce7828d77673799480bceb8fa371cda5688e9a7593286bcd6cab3a49918d2226aff25bbaa8abce713384f68d7d7d023c2c1fbf
SSDEEP

768:056xN8Iq3euL+ps4Hk66374szDUOD+CftXis:g6LSOcKHkss/UcR

Score

N/A

Malware Config

Signatures

Files

2f1326243eccee8f21fcd02ba04f66a12a341676a0190892369ca0f0c48bb5d1
.exe windows x86

38e668269c10df54b924c4f4e64695f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapLockedPages
MmGetSystemRoutineAddress
MmAddVerifierThunks
MmIsVerifierEnabled
MmUnlockPages
RtlSubtreePredecessor
strncat
_strnicmp
ObGetObjectSecurity
ExFreePoolWithTag
VerSetConditionMask
RtlSubtreeSuccessor
RtlAppendUnicodeToString
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
_strupr
MmMapUserAddressesToPage
RtlCompareString
ZwMakeTemporaryObject
ZwCreateFile
wcsrchr
IoBuildAsynchronousFsdRequest
ZwQueryDirectoryFile
RtlAppendUnicodeStringToString
ZwQueryVolumeInformationFile
RtlFreeAnsiString
MmIsThisAnNtAsSystem
strspn
ObfDereferenceObject
ObReleaseObjectSecurity
RtlUpcaseUnicodeChar
ZwOpenSection
ZwOpenKey

Exports

Exports

__KeWaitForSingleObject@4
__RtlFreeAnsiString@8
__RtlQueryRegistryValues@4

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38e668269c10df54b924c4f4e64695f9

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 376B

.data Size: 512B - Virtual size: 132B

const Size: 512B - Virtual size: 512B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 376B

.data
Size: 512B - Virtual size: 132B

const
Size: 512B - Virtual size: 512B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 324B