e153a83f6379979f7a9cf96fae28972f58170c58a03f8c391177560f18e6c1db

General

Target

e153a83f6379979f7a9cf96fae28972f58170c58a03f8c391177560f18e6c1db
Size

34KB
MD5

667e1f44d05430883a10b3165849f4a3
SHA1

0d9b06de32f7ad19aceb8a4c2ec2e186762685e9
SHA256

e153a83f6379979f7a9cf96fae28972f58170c58a03f8c391177560f18e6c1db
SHA512

15e04cbc16bd15f33c36cbbd209ae7b283fd08aa24c10810c877c3666cba483353134341fd74c2d3e1fed352cfdd328aa5b063deb0e95f7c93a8dcf7f0edca00
SSDEEP

768:FWRkYZimtjd8b7z6eV/0fxfBkTz9VUVGBpDGJ4thU8evP/jgiAQp3uoqOiM:FWkAimtjdwzZ/cfWtVUVymYhUnP/jkQH

Score

N/A

Malware Config

Signatures

Files

e153a83f6379979f7a9cf96fae28972f58170c58a03f8c391177560f18e6c1db
.exe windows x86

034457684e5fece42a606e5790a24784

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
swprintf
RtlInitUnicodeString
ZwSetValueKey
ZwClose
ZwSetInformationFile
ZwCreateFile
wcscpy
IofCompleteRequest
ZwQueryValueKey
ZwOpenKey
_except_handler3
KeQuerySystemTime
ZwCreateKey
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
wcsstr
_wcslwr
strncmp
_wcsnicmp
RtlCompareUnicodeString
ObQueryNameString
MmGetSystemRoutineAddress
KeDelayExecutionThread
IoRegisterDriverReinitialization
RtlConvertSidToUnicodeString
ExFreePool
ExAllocatePoolWithTag
ZwQueryInformationToken
ObOpenObjectByPointer
PsReferencePrimaryToken
_snprintf
_stricmp
strncpy
PsLookupProcessByProcessId
_wcsicmp
IoGetCurrentProcess
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
_snwprintf
wcschr
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
RtlAnsiStringToUnicodeString

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 45B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

034457684e5fece42a606e5790a24784

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 64B - Virtual size: 45B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 640B - Virtual size: 616B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 64B - Virtual size: 45B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 640B - Virtual size: 616B

.reloc
Size: 1KB - Virtual size: 1KB