Static task
static1
Behavioral task
behavioral1
Sample
190fdd3cfc65cc197bd556b8cf3600ac15400c5f7cc158858694599184e36678.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
190fdd3cfc65cc197bd556b8cf3600ac15400c5f7cc158858694599184e36678.exe
Resource
win10v2004-20220812-en
General
-
Target
190fdd3cfc65cc197bd556b8cf3600ac15400c5f7cc158858694599184e36678
-
Size
40KB
-
MD5
64a72af6d0a2f053e7873ce24817a9f3
-
SHA1
2e99058ed67f0fd1ca9675af4041109cd2f4e579
-
SHA256
190fdd3cfc65cc197bd556b8cf3600ac15400c5f7cc158858694599184e36678
-
SHA512
c76a1f7b6f33d08a2f41ff3e43cd27b62c63458251cee9a9db582096c0ea2900cf62211f382310e323aac358e4aa7a01ca26a7e6c5ec35216a3e3be324691eec
-
SSDEEP
768:qDNdhzB4ZhckJZWGi2XrGvwYrmX5HgPlfy7lryGtx17hU7VV61tWKvP6I3e6yd7D:iNdiCURByvwum8la7leGN7heVavPLedP
Malware Config
Signatures
Files
-
190fdd3cfc65cc197bd556b8cf3600ac15400c5f7cc158858694599184e36678.exe windows x86
6e0757bc8b93cbc3d1b82a5e6229e4e1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
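Imports
Note: every import listed here resolves to ntoskrnl.exe, which is consistent with a kernel-mode driver image rather than a user-mode program, despite the .exe file name. The behavioral tasks may therefore not exercise its code if the sample is simply launched as an ordinary executable.
ntoskrnl.exe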
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
MmIsAddressValid
IoDeviceObjectType
ObReferenceObjectByHandle
_stricmp
wcsstr
_wcslwr
KeDelayExecutionThread
KeQuerySystemTime
ZwOpenKey
_wcsicmp
ZwQueryValueKey
PsCreateSystemThread
ZwSetValueKey
ZwCreateKey
_snwprintf
_wcsnicmp
wcslen
ZwSetInformationFile
wcscpy
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
_except_handler3
strncmp
IofCompleteRequest
IoRegisterDriverReinitialization
wcsncpy
wcsrchr
PsGetVersion
strncpy
PsLookupProcessByProcessId
wcschr
IoGetCurrentProcess
RtlCopyUnicodeString
wcscat
RtlCompareUnicodeString
ZwDeleteKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
MmGetSystemRoutineAddress
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 82B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ