045ecce722c5aa8c8665d6f59975912bf2159dc9283e9bb973a3da1050313ca7

General

Target

045ecce722c5aa8c8665d6f59975912bf2159dc9283e9bb973a3da1050313ca7
Size

746KB
MD5

7202b7cc411f683ca9402a2a8584bb5d
SHA1

35a113037a589ed1e6a601a6153637d6468cb36e
SHA256

045ecce722c5aa8c8665d6f59975912bf2159dc9283e9bb973a3da1050313ca7
SHA512

9aa3be39873c606e0e7fb3c2b3b3ad417f11203848090a00b2523ab74c399ba35dd9ebf90f218403b27a6a1c787e52e12e8fb6714767ba57ca3d4217d6397b6c
SSDEEP

12288:XTDw6p9uW6MIW2C3+zdlpb8zq5rtfohX7GS8TmY7EY3QjTGk:XT/6MIW2BzPpIkrCMSCaY3Q

Score

N/A

Malware Config

Signatures

Files

045ecce722c5aa8c8665d6f59975912bf2159dc9283e9bb973a3da1050313ca7
.exe windows x86

b326aed43e5143aa699b45fa2f4cbee7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlTraceDatabaseValidate
RtlMoveMemory
IoReleaseRemoveLockEx
_alldiv
ZwFlushVirtualMemory
IoReuseIrp
_allrem
MmUnmapViewInSessionSpace
LdrFindResource_U
ExfInterlockedAddUlong
FsRtlMdlWriteCompleteDev
KeReadStateMutex
ZwDeleteValueKey
KeI386ReleaseGdtSelectors
RtlDeleteOwnersRanges
RtlAbsoluteToSelfRelativeSD
IoCreateDevice
IoStartTimer
RtlUpcaseUnicodeStringToOemString
RtlWalkFrameChain
KeI386AllocateGdtSelectors
RtlStringFromGUID
KeQueryActiveProcessors
ZwOpenEvent
ZwUnloadDriver
NtQueryEaFile
atol
IoCreateSymbolicLink
PoCallDriver
RtlGUIDFromString
READ_REGISTER_USHORT
NtQueryQuotaInformationFile
strncat
ZwQueryDirectoryFile
ZwCreateFile
RtlSetTimeZoneInformation
PsIsThreadTerminating
IoRegisterShutdownNotification
MmMapLockedPages
NtGlobalFlag
ZwSetSecurityObject
_wcsnicmp
SePublicDefaultDacl
CcSetLogHandleForFile
IoReleaseRemoveLockAndWaitEx
RtlCompareUnicodeString
SeExports
ExSetResourceOwnerPointer

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b326aed43e5143aa699b45fa2f4cbee7

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 347KB - Virtual size: 346KB

.rdata Size: 512B - Virtual size: 448B

.data Size: 9KB - Virtual size: 22KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 387KB - Virtual size: 386KB

.text
Size: 347KB - Virtual size: 346KB

.rdata
Size: 512B - Virtual size: 448B

.data
Size: 9KB - Virtual size: 22KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 387KB - Virtual size: 386KB