cb55922fc6235d4d93afd05f0e7264340abdbfc3ddb3557e16769cb86628e9df

General

Target

cb55922fc6235d4d93afd05f0e7264340abdbfc3ddb3557e16769cb86628e9df
Size

15KB
MD5

607434bde6d98e76c40936cb73edc35a
SHA1

666da284ef2aa47695af3cdfe0ef0c968f32af3d
SHA256

cb55922fc6235d4d93afd05f0e7264340abdbfc3ddb3557e16769cb86628e9df
SHA512

cb6012370a58fd200691e558368743da56ec32041da6f635a2c24ad747f5617f94decf082d465041936ecccb6dd93c6294e576d98dbb28b9cf64256f4f59a553
SSDEEP

192:gHuNSPY4xdvmlSL2WwINaNJ2SBvcTLW7+RAvl/ldlqvp6KuW/fJ1S6l2CiZbom:gH1PY1lD32Mvc6KCd/ldm3umM6zmx

Score

N/A

Malware Config

Signatures

Files

cb55922fc6235d4d93afd05f0e7264340abdbfc3ddb3557e16769cb86628e9df
.exe windows x86

cc0c17e42cdb8c95de3264b69117fed2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ExAllocatePoolWithTag
KeServiceDescriptorTable
IofCompleteRequest
ZwClose
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwOpenKey
strstr
_strlwr
ZwQuerySystemInformation
_except_handler3
RtlFreeUnicodeString
ZwWriteFile
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
wcscat
RtlStringFromGUID
ExUuidCreate
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
_strnicmp
IoGetCurrentProcess
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
IoFreeMdl
MmUnlockPages
PsLookupProcessByProcessId
MmProbeAndLockPages
IoAllocateMdl

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc0c17e42cdb8c95de3264b69117fed2

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 512B - Virtual size: 412B

.data Size: 5KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 598B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 412B

.data
Size: 5KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 598B