6b6fc9968d0e20331202cba5c30b14ca7006f0fce9914b87f4473e4bdc1eca4a

Sharing

Copy URL Twitter E-mail

General

Target

6b6fc9968d0e20331202cba5c30b14ca7006f0fce9914b87f4473e4bdc1eca4a
Size

35KB
MD5

46c91f60a8da77a996db40d4aa87f080
SHA1

b33a39794530ec99f75e648d85a32d7b213f75b7
SHA256

6b6fc9968d0e20331202cba5c30b14ca7006f0fce9914b87f4473e4bdc1eca4a
SHA512

35204812fbb848e2f224915cc4bb7cc4ce050919e5dd80285f5a62e5790db0bae9cb7c87610cc3150be1dd90b0c37a3d00300148b016eedb79c47d8f05156e44
SSDEEP

768:lkfxY+EU3zNmTQN6xcsNhfsVe2R9RLDzbSn:6fxTKQNpte2PRfSn

Score

N/A

Malware Config

Signatures

Files

6b6fc9968d0e20331202cba5c30b14ca7006f0fce9914b87f4473e4bdc1eca4a
.exe windows x86

6b66987c55d19818f800b7034408edb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceObjectPointer
ExFreePool
RtlPrefixUnicodeString
ZwQueryDirectoryObject
ExAllocatePoolWithTag
ZwOpenDirectoryObject
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
_except_handler3
RtlFreeUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeDelayExecutionThread
IoReleaseRemoveLockEx
IoReportTargetDeviceChangeAsynchronous
KeSetEvent
IoFreeMdl
MmUnlockPages
KeLeaveCriticalRegion
ExReleaseResourceLite
ZwDeviceIoControlFile
ObReferenceObjectByHandle
IoFileObjectType
ZwOpenFile
RtlInitUnicodeString
swprintf
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
ZwClose
IoSetHardErrorOrVerifyDevice
_abnormal_termination
IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
IoAcquireRemoveLockEx
ExInitializeResourceLite
ExDeleteResourceLite
RtlUnicodeStringToInteger
_local_unwind2
RtlCompareMemory
RtlDowncaseUnicodeString
ZwQueryInformationProcess
IoDetachDevice
ExDeleteNPagedLookasideList
IoInitializeRemoveLockEx
ExInitializeNPagedLookasideList
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
InterlockedIncrement
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
MmProbeAndLockPages
IoAllocateMdl
IoFreeIrp
IoAllocateIrp
IoReleaseRemoveLockAndWaitEx
InitSafeBootMode
PsGetVersion
MmBuildMdlForNonPagedPool
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
InterlockedDecrement
ObfDereferenceObject
ExInterlockedPushEntrySList
KeInitializeEvent
ExInterlockedPopEntrySList
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlTimeFieldsToTime
_aulldiv
ZwQuerySystemInformation
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwOpenKey
ZwCreateFile

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b66987c55d19818f800b7034408edb4

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 128B - Virtual size: 108B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 128B - Virtual size: 108B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB