164c9bf7ab64e39a0e868d26b097415e28f6493f8f65a9b1a514f160a4320dad

General

Target

164c9bf7ab64e39a0e868d26b097415e28f6493f8f65a9b1a514f160a4320dad
Size

211KB
MD5

655ea092ad1992fb7b8e39f343b788d0
SHA1

8225ceda12474b80762975fa2f5c0e5def3000d6
SHA256

164c9bf7ab64e39a0e868d26b097415e28f6493f8f65a9b1a514f160a4320dad
SHA512

ce2dbad0fcab5b289ab393fe6870eb708d2c7e36bc5de307f9dcac6092f5bb500fcfa22c73b0e43d8e85b6ad02f7278fc0358d34f6caa71776a30a26e4975cfc
SSDEEP

3072:MG0ZdnhI7Jo6ffz3aDwCcPHNFvLunNoRcFfC/Y0TiTBf5dDPrs:MG0Hhx6zew9PHrvqNoRc4YSiTBn3s

Score

N/A

Malware Config

Signatures

Files

164c9bf7ab64e39a0e868d26b097415e28f6493f8f65a9b1a514f160a4320dad
.exe windows x86

999f41e086eca4ee9286a98a473467ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwInitiatePowerAction
ExDeletePagedLookasideList
ZwQueryInformationProcess
_alldvrm
ExAcquireResourceExclusiveLite
FsRtlIsNameInExpression
isspace
isupper
RtlFindSetBitsAndClear
IoQueryFileDosDeviceName
ZwDuplicateToken
KeSetIdealProcessorThread
KeRegisterBugCheckReasonCallback
ExInterlockedExtendZone
PoRegisterSystemState
NtWriteFile
towlower
ExAcquireFastMutexUnsafe
isdigit
IoConnectInterrupt
IoSetSystemPartition
RtlImageNtHeader
strrchr
LpcRequestPort
memcpy
memchr
ExAllocatePool
MmFreeContiguousMemorySpecifyCache
PsSetProcessPriorityByClass
DbgPrint
strspn
islower
FsRtlInitializeOplock
ExFreePoolWithTag
MmRemovePhysicalMemory
MmUnsecureVirtualMemory
InbvCheckDisplayOwnership
IoSetPartitionInformation
strcmp
wcstombs
MmGetPhysicalAddress
RtlDowncaseUnicodeString

Exports

Exports

VkNqwtOjqmjBxilojz
MavJmgbtqcHcmdhyeXetu

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999f41e086eca4ee9286a98a473467ed

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 14KB - Virtual size: 13KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 124B