bf2fc21cbf92089c7d23eeb09a187d03cac55004090d1dcf013e0f6125b8a1f1

Sharing

Copy URL Twitter E-mail

General

Target

bf2fc21cbf92089c7d23eeb09a187d03cac55004090d1dcf013e0f6125b8a1f1
Size

327KB
MD5

6aee3960deeb6eec7b2240368272f67c
SHA1

7505fb0bb626f78ee932aa7783557a28fa3e3f67
SHA256

bf2fc21cbf92089c7d23eeb09a187d03cac55004090d1dcf013e0f6125b8a1f1
SHA512

429b20ec130113ac23b2c3d4dde31a7bee89d48ff288cd7340a884c77516e6e973eed896bec3c7a948ff65e812df5e5835734550580e468c1f9ebd9bd32b375e
SSDEEP

6144:T3y9MsvPFRXrEW1+12EfqvgewNP/b9q29THyxTB5Yii3ofXyIPDz:TziFRwg+1ffLP04TSxTbYl4fXywDz

Score

N/A

Malware Config

Signatures

Files

bf2fc21cbf92089c7d23eeb09a187d03cac55004090d1dcf013e0f6125b8a1f1
.exe windows x86

bf7e4ea53779ddd817ff5de1250ddfde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeDelayExecutionThread
IoGetCurrentProcess
ExAllocatePoolWithTag
IoCreateSymbolicLink
ObAssignSecurity
IoDeviceObjectType
SeCaptureSubjectContext
IoCreateDevice
memcpy
memset
memmove
ZwSetInformationFile
ZwQueryInformationFile
ZwClose
ZwCreateFile
RtlQueryRegistryValues
ZwDeleteKey
ZwOpenKey
wcschr
KeTickCount
KeBugCheckEx
IoDeleteSymbolicLink
IoDeleteDevice
ExFreePoolWithTag
KeStackAttachProcess
RtlNtStatusToDosErrorNoTeb
ZwUnmapViewOfSection
ObfDereferenceObject
KeReleaseMutex
ObReferenceObjectByHandle
_except_handler3
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
KeWaitForSingleObject
_purecall
ObInsertObject
KeInitializeMutant
ObCreateObject
ObOpenObjectByName
ZwMapViewOfSection
ZwDuplicateObject
ZwCreateSection
KeUnstackDetachProcess
_allmul
ZwWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
KeClearEvent
PsCreateSystemThread
KeInitializeEvent
RtlTimeToTimeFields
_aullrem
KeQuerySystemTime
KeQueryTimeIncrement
_alldiv
srand
rand
ZwReadFile
ZwWriteFile
CcFlushCache
IoFileObjectType
ZwQuerySystemInformation
RtlFreeAnsiString
DbgPrint
RtlUnicodeStringToAnsiString
ZwOpenFile
ZwQueryDirectoryFile
wcsrchr
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlFreeUnicodeString
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
PsGetVersion
RtlCompareUnicodeString
_vsnprintf
RtlxAnsiStringToUnicodeSize
NlsMbOemCodePageTag
RtlxUnicodeStringToAnsiSize
_aullshr
RtlUpcaseUnicodeString
_aulldiv
memchr
strcmp
_allrem
IofCompleteRequest
KeGetCurrentThread
NtBuildNumber

hal

KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KeGetCurrentIrql
KfLowerIrql

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf7e4ea53779ddd817ff5de1250ddfde

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 42KB - Virtual size: 42KB

PAGE Size: 512B - Virtual size: 468B

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 42KB - Virtual size: 42KB

PAGE
Size: 512B - Virtual size: 468B

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB