f7977204742633d98fa10092f17bd38f92e9e6b08d8ad46fbdb9b5bf407cd1cf

General

Target

f7977204742633d98fa10092f17bd38f92e9e6b08d8ad46fbdb9b5bf407cd1cf
Size

20KB
MD5

6269296406aca17ff31a4b9a066cb564
SHA1

a331dce916dd39463de0caa0c89ca1217f3c6804
SHA256

f7977204742633d98fa10092f17bd38f92e9e6b08d8ad46fbdb9b5bf407cd1cf
SHA512

5612753a14666eb2b7e79f0348577580eee41f9361a2dcfe7e8c38c96ebbd0e2ffb4184aa41de6c2d1b1d568b5ddf13a9eddd011936d7cc7495840beecce1890
SSDEEP

384:fAFi95OQXSRADb47LTvTGtJliB9P/JJ92akjkW781gW:fAF6vDbgSniBujC1

Score

N/A

Malware Config

Signatures

Files

f7977204742633d98fa10092f17bd38f92e9e6b08d8ad46fbdb9b5bf407cd1cf
.exe windows x86

72c7339afb9d9cb176dcb326a40f225c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
RtlFindLongestRunClear
CcGetLsnForFileObject
strcmp
strlen
ZwDisplayString
DbgPrint
KeInsertQueueDpc
IoWritePartitionTableEx
FsRtlInitializeMcb
RtlReserveChunk
READ_REGISTER_BUFFER_ULONG
RtlInt64ToUnicodeString
ExInitializeRundownProtection
ZwCreateFile
RtlAppendUnicodeStringToString
FsRtlIsNtstatusExpected
ExAllocatePool
memcpy
NtDuplicateObject
IoReportResourceForDetection
NtAllocateUuids
KdDebuggerEnabled
FsRtlNotifyFilterChangeDirectory
KeStackAttachProcess
RtlImageNtHeader
IoCreateSymbolicLink
CcInitializeCacheMap
ZwQueryInformationProcess
CcGetDirtyPages
MmIsAddressValid
ExFreePoolWithTag
PsRestoreImpersonation

Exports

Exports

UixIxexSlawkqmFd
Cjaogc
Wqnkgb

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 909B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c7339afb9d9cb176dcb326a40f225c

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 909B

.reloc Size: 512B - Virtual size: 78B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 909B

.reloc
Size: 512B - Virtual size: 78B

.rsrc
Size: 3KB - Virtual size: 2KB