a6f06d213885a40b0a2e36d7dec74eeae32fa64df949f5385e1168361973c6ed

General

Target

a6f06d213885a40b0a2e36d7dec74eeae32fa64df949f5385e1168361973c6ed
Size

32KB
MD5

6b52225969fcd3d88868f9743f26ddeb
SHA1

8636d74184ba041a157a5203924353b71bf45966
SHA256

a6f06d213885a40b0a2e36d7dec74eeae32fa64df949f5385e1168361973c6ed
SHA512

dd200dacd5250a1217cbcc04e7d8f9ce644bdc093cf729b6f04ed6a5e05056d99318d2e353fd40619ac1851f12b3e3f24254fdd0b2fb835e96b547af4fb8a003
SSDEEP

768:0rB5llZJmB4svGhvIeQqDsK5ZXVSC23RXAwHj18t:0DlzJmBLG4K5ZFuAwHjm

Score

N/A

Malware Config

Signatures

Files

a6f06d213885a40b0a2e36d7dec74eeae32fa64df949f5385e1168361973c6ed
.exe windows x86

6b94626c81e394332901e8bf8d451757

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeMutex
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
ZwClose
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
RtlInitUnicodeString
KeReleaseMutex
KeWaitForSingleObject
memcpy
memset
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
MmIsAddressValid
PsGetCurrentProcessId
ZwQuerySystemInformation
ObReferenceObjectByHandle
ZwOpenThread
RtlEqualUnicodeString
KeInsertQueueApc
KeInitializeApc
ExAllocatePool
KeDetachProcess
_snprintf
KeAttachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwOpenProcess
KeDelayExecutionThread
strncmp
strlen
IoGetCurrentProcess
wcsncpy
wcslen
wcsncat
wcscpy
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
ZwWriteFile
ZwCreateFile
PsCreateSystemThread
ZwEnumerateValueKey
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoGetDeviceObjectPointer
CmRegisterCallback
ExInitializeResourceLite
wcsstr
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ExQueueWorkItem
ZwCreateKey
_wcsicmp

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b94626c81e394332901e8bf8d451757

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 352B - Virtual size: 322B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 928B - Virtual size: 914B

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 352B - Virtual size: 322B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 928B - Virtual size: 914B