d950fed8032c9d5547f5d7353ada3994d42bf6d992f9ef1b3be5fbd1422e281f

General

Target

d950fed8032c9d5547f5d7353ada3994d42bf6d992f9ef1b3be5fbd1422e281f
Size

14KB
MD5

708d10fc722caf2f4cfc6c7f7f0868ea
SHA1

8c7737d38992014e4a350f87cba407de8bbd3d78
SHA256

d950fed8032c9d5547f5d7353ada3994d42bf6d992f9ef1b3be5fbd1422e281f
SHA512

207726a97f49659f6a17b5786b5dafe49d2600be937ab732ed3fbd2198ed766e6674db1b4d0ea9d4ab14085f8b941be64f66de2cda34a2cd81932cde0c71910c
SSDEEP

384:dF+RMBNm/URLkI2+KX8owLTBU2HS9Wf9dVZt:r+ynRLkX+KMvfBUu

Score

N/A

Malware Config

Signatures

Files

d950fed8032c9d5547f5d7353ada3994d42bf6d992f9ef1b3be5fbd1422e281f
.exe windows x86

5db02c8d51b94a26b44ee61224275d35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
PsTerminateSystemThread
ExFreePool
RtlFreeAnsiString
_stricmp
_strlwr
RtlUnicodeStringToAnsiString
ExAllocatePoolWithTag
ZwQuerySystemInformation
strncmp
IoGetCurrentProcess
IofCompleteRequest
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
ZwQueryInformationProcess
PsGetCurrentProcessId
_strupr
strrchr
PsSetLoadImageNotifyRoutine
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5db02c8d51b94a26b44ee61224275d35

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 352B - Virtual size: 336B

.data Size: 9KB - Virtual size: 9KB

INIT Size: 960B - Virtual size: 946B

.reloc Size: 384B - Virtual size: 358B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 352B - Virtual size: 336B

.data
Size: 9KB - Virtual size: 9KB

INIT
Size: 960B - Virtual size: 946B

.reloc
Size: 384B - Virtual size: 358B