79e401350f1598efc6b5aaa570bba9faf913a4f38314f864a07b4a71e29cbe47

Sharing

Copy URL

Twitter E-mail

General

Target

79e401350f1598efc6b5aaa570bba9faf913a4f38314f864a07b4a71e29cbe47
Size

16KB
MD5

34ad4b998f65ad57b82849f7a2373129
SHA1

18fe01fceb3f46749b0ceb08cccced8fd059488d
SHA256

79e401350f1598efc6b5aaa570bba9faf913a4f38314f864a07b4a71e29cbe47
SHA512

3330e5cecdb2b7bd1bdb44702c773916b4312df7f5fe488a34c6ab837b7ed62065adc19ccadfadca07dcfe6738bbf2dfeeee4881b49ebc69b8874b3130fbbf11
SSDEEP

192:v1rJACF05FDWmonOqdZhXm6J1afZOOQCc7H6FgoXp+Cr9Tuw+nlPJJAk:NVGnWzOyZ5afZw7addrVyPJJAk

Score

N/A

Malware Config

Signatures

Files

79e401350f1598efc6b5aaa570bba9faf913a4f38314f864a07b4a71e29cbe47
.exe windows x86

317fa66ebdb9b912a99d427363811b56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoQueueWorkItem
IofCompleteRequest
IoAllocateWorkItem
IoReleaseCancelSpinLock
KefReleaseSpinLockFromDpcLevel
IoDeleteSymbolicLink
IoAcquireCancelSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
RtlUnwind
IoDeleteDevice
_allmul
memset
ExAllocatePoolWithQuotaTag
memcpy
MmUserProbeAddress
ExRaiseAccessViolation
ProbeForWrite
ExRaiseDatatypeMisalignment
IoFreeWorkItem
ExFreePoolWithTag
KeWaitForSingleObject
KeInitializeEvent
KefAcquireSpinLockAtDpcLevel
KeSetEvent
KeBugCheckEx

hal

KfReleaseSpinLock
KfAcquireSpinLock

netio.sys

NsiSetAllParametersEx
NsiEnumerateObjectsAllPersistentParametersWithMask
NsiEnumerateObjectsAllParametersEx
NsiRegisterChangeNotificationEx
NsiSetParameterEx
NsiGetParameterEx
NsiDeregisterChangeNotificationEx
NsiGetModuleHandle
NsiGetAllPersistentParametersWithMask
NsiGetAllParametersEx
NsiSetAllPersistentParametersWithMask

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

317fa66ebdb9b912a99d427363811b56

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

netio.sys

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 628B

.data Size: 512B - Virtual size: 72B

PAGE Size: 512B - Virtual size: 34B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 558B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 628B

.data
Size: 512B - Virtual size: 72B

PAGE
Size: 512B - Virtual size: 34B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 558B