072087d094960238205978190a917de15cc1a645b4975caddd42e248bef44713

Sharing

Copy URL

Twitter E-mail

General

Target

072087d094960238205978190a917de15cc1a645b4975caddd42e248bef44713
Size

32KB
MD5

fb5a13f5d1bf043cb1ac657a48441962
SHA1

54b6931f407a79e068692e76c9f528382ba9d98b
SHA256

072087d094960238205978190a917de15cc1a645b4975caddd42e248bef44713
SHA512

da79d4de8798f73074ff899a1b98119475b7a8d1a672d5f996f860aab8f6066edbc135a6219851065edbf646175cbc87f73ea1dfeb5ed0d7de2e648246f5c6ee
SSDEEP

768:sZs+JVNnHuGmwqmL8u/T8qdfdnV6iJ2KP0UKo:2lz5YmTlKo

Score

N/A

Malware Config

Signatures

Files

072087d094960238205978190a917de15cc1a645b4975caddd42e248bef44713
.exe windows x86

30cdc55f1f18de6e491746011115bd35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
swprintf
ZwSetValueKey
wcscpy
_wcsicmp
KeInitializeEvent
ZwTerminateProcess
ZwOpenProcess
ZwQuerySystemInformation
ZwQueryDirectoryFile
ZwCreateFile
ZwOpenFile
ZwCreateKey
ZwOpenKey
RtlInitUnicodeString
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryValueKey
ObfDereferenceObject
wcsncpy
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwQueryObject
ZwDuplicateObject
KeServiceDescriptorTable
InterlockedIncrement
_stricmp
wcslen
InterlockedDecrement
strncpy
IoGetCurrentProcess
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
KeWaitForSingleObject
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
PsGetCurrentProcessId
wcsrchr
memmove
PsGetVersion
ExFreePool
MmIsAddressValid
InterlockedExchange
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
wcscat
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwOpenProcessToken
ZwQueryInformationProcess
KeDetachProcess
KeAttachProcess
ExQueueWorkItem
ZwQueryInformationToken
KeSetEvent
LsaFreeReturnBuffer
_snwprintf
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
IoFreeIrp
strncmp
ZwClose

hal

ExAcquireFastMutex
KeGetCurrentIrql
ExReleaseFastMutex

ksecdd.sys

GetSecurityUserInfo

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 928B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30cdc55f1f18de6e491746011115bd35

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ksecdd.sys

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 928B - Virtual size: 922B

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 904B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 928B - Virtual size: 922B

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 904B

.reloc
Size: 1KB - Virtual size: 1KB