0fdc9008c48e7a12f7df62c77c96f47867dedf97f9a71e2f3c9bf4e9451b6609

Sharing

Copy URL Twitter E-mail

General

Target

0fdc9008c48e7a12f7df62c77c96f47867dedf97f9a71e2f3c9bf4e9451b6609
Size

77KB
MD5

6140f0c4afb2e2233ff3d9bbb77d5e6b
SHA1

4509afa9cc1872d5e4f91b4c455fc6ad9b16025a
SHA256

0fdc9008c48e7a12f7df62c77c96f47867dedf97f9a71e2f3c9bf4e9451b6609
SHA512

dfeb01cb22fe46056639ab02b3bf3866ed91207d0758b7961394f35bc6bcc7166de7399482b7de23f847ef7baf2a2938f694290b6f91897a62b74243fd995ec1
SSDEEP

1536:3hhdL4oKI0f8v/J5WXrTaiSdkT1EO3XsPbs+gK55Ey:RDLKIcSWXrTaiSCZzYbsLk5r

Score

N/A

Malware Config

Signatures

Files

0fdc9008c48e7a12f7df62c77c96f47867dedf97f9a71e2f3c9bf4e9451b6609
.exe windows x86

31aebfff071ae588eb611b6fb502403f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ObfReferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoCreateFile
memcpy
IofCallDriver
IoAttachDevice
_purecall
IoGetCurrentProcess
ExFreePoolWithTag
_stricmp
KeGetCurrentThread
KeWaitForSingleObject
IoAllocateIrp
KeClearEvent
IoFileObjectType
strcmp
strncat
NtQuerySystemInformation
ZwClose
KeServiceDescriptorTable
ObInsertObject
MmIsAddressValid
sprintf
KeBugCheckEx
PsGetVersion
IoBuildDeviceIoControlRequest
KeInitializeEvent
memset
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlCopyUnicodeString
MmGetSystemRoutineAddress
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
IoRegisterShutdownNotification
KeSetPriorityThread
PsCreateSystemThread
RtlUnicodeStringToInteger
RtlTimeToTimeFields
_allmul
RtlWriteRegistryValue
RtlCreateRegistryKey
swprintf
RtlDeleteRegistryValue
ObQueryNameString
IoFreeIrp
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
ObCreateObject
IoFreeMdl
MmUnlockPages
IoCancelIrp
MmProbeAndLockPages
IoAllocateMdl
KeWaitForMultipleObjects
KeResetEvent
KeNumberProcessors
_aulldiv
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeTickCount
ExAllocatePoolWithTag
RtlInitUnicodeString
IoDriverObjectType
ObReferenceObjectByName
KeSetEvent
ObfDereferenceObject
strncpy
wcsncpy
strlen
RtlCompareMemory
ZwReadFile
ZwWriteFile
KeQuerySystemTime
strchr
wcschr
RtlUnwind

hal

KfReleaseSpinLock
KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
KfAcquireSpinLock

Sections

page
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31aebfff071ae588eb611b6fb502403f

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

page Size: 46KB - Virtual size: 45KB

.text Size: 18KB - Virtual size: 18KB

.data Size: 5KB - Virtual size: 5KB

.cdata Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

page
Size: 46KB - Virtual size: 45KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 5KB

.cdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB