c1d4fd4fb62527bfa2ab673092dcd54b71733bc6f737695ab0602f27275494bd

General

Target

c1d4fd4fb62527bfa2ab673092dcd54b71733bc6f737695ab0602f27275494bd
Size

18KB
MD5

71ce3cc12a9db5864798d980626b3e5d
SHA1

1c6623b4c0f8e7664ecefcd58a439702ea6d8d1f
SHA256

c1d4fd4fb62527bfa2ab673092dcd54b71733bc6f737695ab0602f27275494bd
SHA512

ca3336a2952ece44703109bbd84b11543313ec426d32658569fa937ff4c4c4661ecbf15a0ddcc5409f43c005fa51bcbee8422d510ca2d497e6a0a6d0e8a6f4df
SSDEEP

192:lUrfjssk/DgD82ON9bL4Nd/SZWfTPd7/FV2Cleuznp6Qb3c8ogDXp2sswVN/1:ofArgD+N9QfSZU79W+euwQ48hN2oh

Score

N/A

Malware Config

Signatures

Files

c1d4fd4fb62527bfa2ab673092dcd54b71733bc6f737695ab0602f27275494bd
.exe windows x86

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
_strupr
ExFreePoolWithTag
ExAllocatePoolWithTag
wcscpy
wcscmp
wcslen
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
IofCompleteRequest
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
swprintf
strchr
wcsncmp
RtlAssert

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 968B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 896B - Virtual size: 820B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 968B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 896B - Virtual size: 820B