e74a3ffb216fa096efe1f82e24286ee56fac37e2609b8c7b42773012cfa0aaaf

General

Target

e74a3ffb216fa096efe1f82e24286ee56fac37e2609b8c7b42773012cfa0aaaf
Size

446KB
MD5

6dda79aa38c7c8dd3d6bf9a6c1343342
SHA1

a5523598fdb41692a156733d9d0be6ea69edc8f6
SHA256

e74a3ffb216fa096efe1f82e24286ee56fac37e2609b8c7b42773012cfa0aaaf
SHA512

9e488dc77cd7578a0c71eb67c070d25f5f883fc97df0212d91357110885f1d3f182f8e797f07fcf9f06445d742ea8f6b1f08f97834ffcafd18e4f02f3a734a4a
SSDEEP

6144:7Q/CetG8ksBa7f8WpyV/SODtWNAmSj4/0ZmBRqrBjQPENjqYrLT/7lFFP:stGfg3V/SMtOAmSjaCmrQqgFT

Score

N/A

Malware Config

Signatures

Files

e74a3ffb216fa096efe1f82e24286ee56fac37e2609b8c7b42773012cfa0aaaf
.dll windows x86

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCheckQuotaBufferValidity
KeSetSystemAffinityThread
KeLeaveCriticalRegion
KeReadStateMutex
IoReleaseCancelSpinLock
IoFreeMdl
MmIsAddressValid
RtlDelete
CcSetDirtyPinnedData
KeEnterCriticalRegion
ZwWriteFile
ExDeleteNPagedLookasideList
ExSetResourceOwnerPointer
IoConnectInterrupt
ObReferenceObjectByHandle
IoReleaseRemoveLockAndWaitEx
RtlDeleteElementGenericTable
MmCanFileBeTruncated
IoWMIRegistrationControl
RtlCreateSecurityDescriptor
CcSetBcbOwnerPointer
CcPurgeCacheSection
KeInsertHeadQueue
SeQueryInformationToken
IoGetStackLimits
MmSecureVirtualMemory
RtlValidSid
ExRaiseDatatypeMisalignment
MmFreeContiguousMemory
IoFreeErrorLogEntry
RtlUnicodeToOemN
FsRtlCheckLockForReadAccess
IoAllocateWorkItem
MmUnsecureVirtualMemory
ZwOpenSymbolicLinkObject
KeRemoveDeviceQueue
KeSetTargetProcessorDpc
SeAccessCheck
FsRtlMdlWriteCompleteDev
RtlGetNextRange
ZwSetVolumeInformationFile
RtlVolumeDeviceToDosName
KeGetCurrentThread
MmAddVerifierThunks
KeTickCount
RtlFindClearRuns

Exports

Exports

?ValidateStringOriginal@@YGDKPAKPAM<V
?CrtProviderOriginal@@YGPAXKPAFGK<V
?IsNotMutantExW@@YGGN<V
?AddDataOld@@YGXD<V
?AddAppNameOriginal@@YGXPADIEJ<V
?DeleteFolderA@@YGJPANPAK<V

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmem
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 16KB - Virtual size: 16KB

.vmem Size: - Virtual size: 29KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 16KB

.vmem
Size: - Virtual size: 29KB