856bd13fa6e12fde4e6e0892b702856ad90cae55bb8906e7801ee2e1940d40d1

Sharing

Copy URL Twitter E-mail

General

Target

856bd13fa6e12fde4e6e0892b702856ad90cae55bb8906e7801ee2e1940d40d1
Size

71KB
MD5

7257afb1c805d71c83f77192a66ac420
SHA1

6cebcf7aa42834c369f1cdddad3d3edf2a148f4a
SHA256

856bd13fa6e12fde4e6e0892b702856ad90cae55bb8906e7801ee2e1940d40d1
SHA512

19a67e2f698e5912d0f72b5c6638720002de318ad3713523b551db6c42d33ba9ccdc85c97ba31e550649f98a0f9ed1c17700f0f1b636f690052086247e0fc624
SSDEEP

1536:CEDdncUEwE7lzBKfS0iZ8juicAiXwqfNd8em3SxGBLx:CwBQhzAfS006xTqr8e9od

Score

N/A

Malware Config

Signatures

Files

856bd13fa6e12fde4e6e0892b702856ad90cae55bb8906e7801ee2e1940d40d1
.exe windows x86

f5fa6743a74a390f42426fde65a1778b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
memset
KeDelayExecutionThread
KeWaitForSingleObject
KeInitializeEvent
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwWriteFile
RtlRandom
KeQuerySystemTime
ZwSetInformationFile
ExAllocatePoolWithTag
ZwCreateFile
memcpy
KeReleaseMutex
RtlCopyUnicodeString
ZwDeleteFile
RtlCompareUnicodeString
ZwQueryDirectoryFile
RtlInitUnicodeString
ZwOpenFile
KeInitializeMutex
ZwFlushKey
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ExEventObjectType
PsGetCurrentProcessId
KeGetCurrentThread
_purecall
PsTerminateSystemThread
memmove
PsThreadType
PsCreateSystemThread
ZwOpenKey
PsGetCurrentThreadId
KeSetTimerEx
IoQueueWorkItem
IoFreeWorkItem
KeInitializeDpc
KeInitializeTimerEx
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
RtlUnwind
strchr
KeResetEvent
PsGetThreadId
PsLookupThreadByThreadId
_alldiv
DbgPrint
IofCompleteRequest
MmProbeAndLockPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildDeviceIoControlRequest
IoFreeMdl
IoGetDeviceObjectPointer
IoGetRelatedDeviceObject
ObReferenceObjectByPointer
_except_handler3
ObOpenObjectByPointer
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
IoFileObjectType
MmUserProbeAddress
ExGetPreviousMode
RtlGetVersion
MmGetSystemRoutineAddress
_stricmp
ZwQuerySystemInformation
KeUnstackDetachProcess
RtlAppendUnicodeStringToString
PsGetProcessPeb
KeStackAttachProcess
PsLookupProcessByProcessId
RtlUnicodeToMultiByteN
ZwQueryValueKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ObQueryNameString
ZwReadFile
ObfReferenceObject
IoGetBaseFileSystemDeviceObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeServiceDescriptorTable
ExUuidCreate
strrchr
_strnicmp
CmUnRegisterCallback
CmRegisterCallback
IoReleaseVpbSpinLock
IoAttachDeviceToDeviceStackSafe
IoAcquireVpbSpinLock
IoEnumerateDeviceObjectList
IoUnregisterFsRegistrationChange
IoDetachDevice
IoCancelFileOpen
ProbeForWrite
_vsnwprintf
ZwDeleteKey
ZwLoadDriver
RtlAppendUnicodeToString
KeSetEvent
MmIsAddressValid
ExFreePoolWithTag
PsGetThreadTeb
MmUnlockPages
KeInsertQueueApc
KeInitializeApc

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5fa6743a74a390f42426fde65a1778b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

PAGE Size: 48KB - Virtual size: 48KB

INIT Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

PAGE
Size: 48KB - Virtual size: 48KB

INIT
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB