b05271cd866ed5f0f979bab4539b107c96dd4286627c705554d010f390f83020

Sharing

Copy URL

Twitter E-mail

General

Target

b05271cd866ed5f0f979bab4539b107c96dd4286627c705554d010f390f83020
Size

6KB
MD5

6f32f643b0dc8d5cbbf77b09553ec0c0
SHA1

dd9b19b2446cae9f137e240d0ffcd561245725b9
SHA256

b05271cd866ed5f0f979bab4539b107c96dd4286627c705554d010f390f83020
SHA512

0f1fb7c6a580995eaa71495b121911694b5eba975f07908b7a3096ba8c7a649dd7493697c8c9ad7fc7f3ee4f1e6248ba2f763a2a61a567950a1ebae03dc88944
SSDEEP

96:O11+IHaUYzvw/uwl1iB4G4Qh8sthnVLH1Swqv:Oy3+Hjitxj

Score

N/A

Malware Config

Signatures

Files

b05271cd866ed5f0f979bab4539b107c96dd4286627c705554d010f390f83020
.exe windows x86

842e3a40aa4bacbb90413241a3bffa96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlInitUnicodeString
DbgPrint
ZwOpenKey
ExFreePoolWithTag
RtlQueryRegistryValues
RtlAppendUnicodeStringToString
ZwEnumerateKey
ExAllocatePoolWithTag
ZwQueryKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest

Sections

a
Size: 384B - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.b
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c
Size: 256B - Virtual size: 143B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 384B - Virtual size: 262B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.e
Size: 128B - Virtual size: 117B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f
Size: 256B - Virtual size: 139B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 128B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

842e3a40aa4bacbb90413241a3bffa96

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

a Size: 384B - Virtual size: 352B

.b Size: 1KB - Virtual size: 1KB

.c Size: 256B - Virtual size: 143B

.d Size: 384B - Virtual size: 262B

.e Size: 128B - Virtual size: 117B

.f Size: 256B - Virtual size: 139B

.text Size: 128B - Virtual size: 6B

.rdata Size: 256B - Virtual size: 164B

INIT Size: 512B - Virtual size: 512B

.reloc Size: 256B - Virtual size: 178B

a
Size: 384B - Virtual size: 352B

.b
Size: 1KB - Virtual size: 1KB

.c
Size: 256B - Virtual size: 143B

.d
Size: 384B - Virtual size: 262B

.e
Size: 128B - Virtual size: 117B

.f
Size: 256B - Virtual size: 139B

.text
Size: 128B - Virtual size: 6B

.rdata
Size: 256B - Virtual size: 164B

INIT
Size: 512B - Virtual size: 512B

.reloc
Size: 256B - Virtual size: 178B