2325646f849d1450f2a3786eb10c0998e99403ac4155e2709af1bbe126e3d087

General

Target

2325646f849d1450f2a3786eb10c0998e99403ac4155e2709af1bbe126e3d087
Size

135KB
MD5

6b152469892926fc91da7921af8a4e58
SHA1

2d9716a1300214d71c78b138b6b2c14a9388363c
SHA256

2325646f849d1450f2a3786eb10c0998e99403ac4155e2709af1bbe126e3d087
SHA512

0f03325f35c2cbe7b9549b388d28200816a762fb67e00ffaf97cf11f3b3dec75d4569d17a2d9a370ab6723222ea7815bf5e84a8982f7aaf87e0be0a4693d5684
SSDEEP

3072:GylUtT8/+UL65OrYrs7M4e30FvlyHvKkXmSC+KvgguJ:G/ty++Yrs7M/3AyHyVSFKvgJ

Score

N/A

Malware Config

Signatures

Files

2325646f849d1450f2a3786eb10c0998e99403ac4155e2709af1bbe126e3d087
.exe windows x86

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isdigit
InbvCheckDisplayOwnership
wcstombs
PoRegisterSystemState
isupper
memcpy
islower
ZwDuplicateToken
IoSetSystemPartition
ExAcquireSharedStarveExclusive
KeSetIdealProcessorThread
MmGetPhysicalAddress
IoQueryFileDosDeviceName
RtlFindSetBitsAndClear
ExInterlockedExtendZone
NtWriteFile
KeRegisterBugCheckReasonCallback
ExFreePoolWithTag
memchr
towlower
MmRemovePhysicalMemory
_alldvrm
ExDeletePagedLookasideList
ExAcquireSharedWaitForExclusive
strcmp
LpcRequestPort
IoConnectInterrupt
RtlDowncaseUnicodeString
DbgPrint
strrchr
FsRtlIsNameInExpression
MmFreeContiguousMemorySpecifyCache
ZwInitiatePowerAction
ExAllocatePool
strspn
ZwQueryInformationProcess
isspace
RtlImageNtHeader
PsSetProcessPriorityByClass
MmUnsecureVirtualMemory
IoSetPartitionInformation
FsRtlInitializeOplock

Exports

Exports

TmNbpnm
WkpgodaBwuh
RjgdXljfWoxymb
DdYzechRkpbxCvmzio

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 14KB - Virtual size: 13KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 124B