c749a73854f9691d42c85977ea2d4739d342d1b4f018e15fcf10449028d6d7e3

Sharing

Copy URL Twitter E-mail

General

Target

c749a73854f9691d42c85977ea2d4739d342d1b4f018e15fcf10449028d6d7e3
Size

16KB
MD5

6ced29b5addf9b581b7dd71bb873cb50
SHA1

8f9d1c05842f745fbfaea77f2b29ef6ed9d19e4a
SHA256

c749a73854f9691d42c85977ea2d4739d342d1b4f018e15fcf10449028d6d7e3
SHA512

ba4e525cc3802aadef134eca191960495c79b9a2d0b128dd8aeab59bded5888025c19a988dcd95a2065a36322d105e257679032865a6afd0ef43c459e3f6f335
SSDEEP

192:mIxmsj7Hjxmsj7HQxmsj7HZNYvQdjdftEWT2Q+5XvfV4mi8f4i3:m7PoolfbIXV4m74

Score

N/A

Malware Config

Signatures

Files

c749a73854f9691d42c85977ea2d4739d342d1b4f018e15fcf10449028d6d7e3
.exe windows x86

1421d1a1e90d954a91cb673428f9d86c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeMdl
MmUnlockPages
ZwClose
ZwCreateFile
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
ZwQuerySystemInformation
_stricmp
strrchr
ExAllocatePoolWithTag
ObfDereferenceObject
IoDriverObjectType
MmGetSystemRoutineAddress
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeSetEvent
ZwQueryInformationFile
KeWaitForSingleObject
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
IoGetCurrentProcess
ObReferenceObjectByHandle
IoFileObjectType
_allmul
IofCompleteRequest
ProbeForRead
ZwWriteFile
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
ZwReadFile
IoFreeIrp

hal

KeStallExecutionProcessor

Sections

u20
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 813B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wjata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wiata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

whata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wgata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wfata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

weata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wdata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wcata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wbata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

waata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w9ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w8ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w7ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w6ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w5ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w4ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w3ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w2ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

w1ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1421d1a1e90d954a91cb673428f9d86c

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

u20 Size: 6KB - Virtual size: 6KB

.rdata Size: 896B - Virtual size: 813B

.data Size: 640B - Virtual size: 616B

wjata Size: 256B - Virtual size: 256B

wiata Size: 256B - Virtual size: 256B

whata Size: 256B - Virtual size: 256B

wgata Size: 256B - Virtual size: 256B

wfata Size: 256B - Virtual size: 256B

weata Size: 256B - Virtual size: 256B

wdata Size: 256B - Virtual size: 256B

wcata Size: 256B - Virtual size: 256B

wbata Size: 256B - Virtual size: 256B

waata Size: 256B - Virtual size: 256B

w9ata Size: 256B - Virtual size: 256B

w8ata Size: 256B - Virtual size: 256B

w7ata Size: 256B - Virtual size: 256B

w6ata Size: 256B - Virtual size: 256B

w5ata Size: 256B - Virtual size: 256B

w4ata Size: 256B - Virtual size: 256B

w3ata Size: 256B - Virtual size: 256B

w2ata Size: 256B - Virtual size: 256B

w1ata Size: 256B - Virtual size: 256B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 488B

u20
Size: 6KB - Virtual size: 6KB

.rdata
Size: 896B - Virtual size: 813B

.data
Size: 640B - Virtual size: 616B

wjata
Size: 256B - Virtual size: 256B

wiata
Size: 256B - Virtual size: 256B

whata
Size: 256B - Virtual size: 256B

wgata
Size: 256B - Virtual size: 256B

wfata
Size: 256B - Virtual size: 256B

weata
Size: 256B - Virtual size: 256B

wdata
Size: 256B - Virtual size: 256B

wcata
Size: 256B - Virtual size: 256B

wbata
Size: 256B - Virtual size: 256B

waata
Size: 256B - Virtual size: 256B

w9ata
Size: 256B - Virtual size: 256B

w8ata
Size: 256B - Virtual size: 256B

w7ata
Size: 256B - Virtual size: 256B

w6ata
Size: 256B - Virtual size: 256B

w5ata
Size: 256B - Virtual size: 256B

w4ata
Size: 256B - Virtual size: 256B

w3ata
Size: 256B - Virtual size: 256B

w2ata
Size: 256B - Virtual size: 256B

w1ata
Size: 256B - Virtual size: 256B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 488B