e0a376d37e9bb2e40193c9e971af5da98952d98b733734b6b6d53fb1f9c43590

General

Target

e0a376d37e9bb2e40193c9e971af5da98952d98b733734b6b6d53fb1f9c43590
Size

39KB
MD5

6ceb3d616c004aced707e2ccdf0f6430
SHA1

d161d526400d107dfc3410d91b83e2e7c5b4e521
SHA256

e0a376d37e9bb2e40193c9e971af5da98952d98b733734b6b6d53fb1f9c43590
SHA512

fbd9b41af0871136fc0ae4ed1e57e8b65188d751e5072bb7fcae3fe57d1c0d3992ce99ad46f5432dc809eb28c7dcb676b355263e15363f27ff5450f48ee332b8
SSDEEP

768:/Lc26nZGDhIu+9vFDG/q8tE41++9NYD4eYSgAkY0bZm+ZesIhV1L9ddRMFmln:/Lc26nc9M9v5QHteMYD4eYSgtb/esE8Q

Score

N/A

Malware Config

Signatures

Files

e0a376d37e9bb2e40193c9e971af5da98952d98b733734b6b6d53fb1f9c43590
.exe windows x86

72f52dcef087dac973be16cd83d28fa6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwClose
ZwOpenKey
RtlInitUnicodeString
ZwSetValueKey
wcslen
ZwQueryValueKey
_except_handler3
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
_snwprintf
_wcsnicmp
swprintf
_snprintf
ZwCreateKey
wcsstr
_wcslwr
ZwCreateFile
RtlAnsiStringToUnicodeString
PsGetVersion
ZwSetInformationFile
wcscpy
ZwDeleteKey
_stricmp
ObReferenceObjectByHandle
wcsncpy
wcsrchr
RtlCopyUnicodeString
wcschr
RtlCompareUnicodeString
KeDelayExecutionThread
KeQuerySystemTime
_wcsicmp
IoRegisterDriverReinitialization
IoGetCurrentProcess
strncmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
strncpy
PsSetCreateProcessNotifyRoutine
IoDeviceObjectType
wcscat
MmGetSystemRoutineAddress
PsLookupProcessByProcessId
IofCompleteRequest
PsCreateSystemThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72f52dcef087dac973be16cd83d28fa6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 48B

PAGEWMI Size: 32B - Virtual size: 5B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 48B

PAGEWMI
Size: 32B - Virtual size: 5B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB