22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc

Sharing

Copy URL Twitter E-mail

General

Target

22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc
Size

30KB
MD5

95fee6047fe07b93ad4ad6ebb2343abb
SHA1

36dc255b371220d9da448d46d920e0d8042537d3
SHA256

22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc
SHA512

b18258a6542a804bf95a07b94314828e47b8e8968f377740ba814d1034c0940f715f94a140d70f2a934c4433d833e28297da47e15ffeb9699027dcb7fcf7f00c
SSDEEP

768:EY/uiXomAqQ3rCFKQvJhecEqBGQCMbaAqocpZWT:rFXju2ta9KSp0T

Score

N/A

Malware Config

Signatures

Files

22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc
.exe windows x64

482787fdbaf50f2749aedc7c858bd465

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePool
IoAllocateMdl
MmUnlockPages
IoFreeMdl
ObReferenceObjectByHandle
IoFileObjectType
RtlInitUnicodeString
IoWMIWriteEvent
MmGetSystemRoutineAddress
RtlCompareMemory
RtlGUIDFromString
KeBugCheckEx
RtlCopyUnicodeString
ExFreePool
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoGetCurrentProcess
ObfDereferenceObject
ExFreePoolWithTag
IoWMIRegistrationControl
ExAllocatePoolWithTag
__C_specific_handler

wdfldr.sys

WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionBindClass

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

NONPAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

482787fdbaf50f2749aedc7c858bd465

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 18KB - Virtual size: 18KB

NONPAGE Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 864B

PAGE Size: 2KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 220B

.text
Size: 18KB - Virtual size: 18KB

NONPAGE
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 864B

PAGE
Size: 2KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 220B