7bc0180edef22d626fb5098ed577f68178ece935b86e1b30975973c61ac7f5ec

Sharing

Copy URL Twitter E-mail

General

Target

7bc0180edef22d626fb5098ed577f68178ece935b86e1b30975973c61ac7f5ec
Size

56KB
MD5

6ae5028ee560e50b7b432f574560bddc
SHA1

e719db6767cb4025346bc11e5ab76aead0fb714f
SHA256

7bc0180edef22d626fb5098ed577f68178ece935b86e1b30975973c61ac7f5ec
SHA512

4f25f93cb21a2a9ac4660fbec959e48482c3f0f208ddbb4a526eee37ce3545e683d79c10f2a0fc53d03b5677a9ec687f6c6f0c4218f02507dce787986640b4ab
SSDEEP

1536:GGwxM8MqJCapPqyB1BVtKd1RfB+liO/Gy/Vix:GnM8MqnPXVt0RfIAqGy/Qx

Score

N/A

Malware Config

Signatures

Files

7bc0180edef22d626fb5098ed577f68178ece935b86e1b30975973c61ac7f5ec
.exe windows x86

5119659142d3694e2b8352b4a47aafaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlPrefixUnicodeString
memcpy
ExFreePoolWithTag
IoCreateSymbolicLink
IoDeleteSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetAttachedDeviceReference
ObfDereferenceObject
KeWaitForSingleObject
IoGetDeviceObjectPointer
KeReleaseMutex
RtlEqualUnicodeString
RtlInitUnicodeString
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlStringFromGUID
ExUuidCreate
RtlWriteRegistryValue
KeSetEvent
IoFreeWorkItem
ZwClose
ZwSetInformationFile
ZwWriteFile
ZwReadFile
IoSetThreadHardErrorMode
ZwCreateFile
RtlCreateSystemVolumeInformationFolder
IoQueueWorkItem
IoAllocateWorkItem
ZwQueryInformationFile
KeReleaseSemaphore
ObIsDosDeviceLocallyMapped
RtlQueryRegistryValues
memset
IoFreeIrp
ExAllocatePoolWithTag
ZwOpenFile
RtlDeleteRegistryValue
IoReportTargetDeviceChangeAsynchronous
RtlCompareUnicodeString
IoUnregisterPlugPlayNotification
IofCompleteRequest
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ExQueueWorkItem
ZwWaitForSingleObject
ZwOpenEvent
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteDevice
IoCancelIrp
KeResetEvent
IoUnregisterShutdownNotification
RtlUpcaseUnicodeChar
ZwQueryDirectoryFile
IoRegisterPlugPlayNotification
memmove
ObQueryNameString
IoFileObjectType
ZwQueryVolumeInformationFile
IoSetCompletionRoutineEx
IoInitializeIrp
IoAllocateIrp
IoSetSystemPartition
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
IoRegisterShutdownNotification
KeInitializeSemaphore
KeInitializeMutex
IoCreateDevice
RtlCreateRegistryKey
KeTickCount
KeBugCheckEx
ObReferenceObjectByHandle
ZwFsControlFile
KeGetCurrentThread

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5119659142d3694e2b8352b4a47aafaa

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 144B

PAGE Size: 35KB - Virtual size: 34KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 144B

PAGE
Size: 35KB - Virtual size: 34KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 2KB - Virtual size: 1KB