80644f4e2beb0d61210c7986018910f69c5692ab460ceb5c8cd10ebd4515c755

Sharing

Copy URL Twitter E-mail

General

Target

80644f4e2beb0d61210c7986018910f69c5692ab460ceb5c8cd10ebd4515c755
Size

32KB
MD5

62b7da7125118cfd05a9a7487d7db7c0
SHA1

08e5fdc6c887095afcdc0d6d68186540176697ba
SHA256

80644f4e2beb0d61210c7986018910f69c5692ab460ceb5c8cd10ebd4515c755
SHA512

21184300e3ecadc870358805e234789e237b2402bee10958b71278b524462c058b3b91e60038bdde5b9dbf53f1009d90646629151e6c88ebc120f25d6df7ccd3
SSDEEP

768:uE98dOjKa0Iy2//nlAFG7rqUv29nbS0X6t:99iUe9btq

Score

N/A

Malware Config

Signatures

Files

80644f4e2beb0d61210c7986018910f69c5692ab460ceb5c8cd10ebd4515c755
.exe windows x86

3af4f4faa80e0c21f01b722b50f67ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
ZwQuerySystemInformation
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
RtlFreeUnicodeString
IoCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IofCompleteRequest
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink
ZwPulseEvent
IoCreateSymbolicLink
IoCreateDevice
ProbeForWrite
PsCreateSystemThread
MmCreateMdl
KePulseEvent
KeInitializeMutex
MmMapIoSpace
KeTickCount
KeBugCheckEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sosata2
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sosata1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t12ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t11ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tzata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tyata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

txata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

twata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tvata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tuata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ttata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tsata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

trata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tqata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tpata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.toata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tnata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tmata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tlata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tkata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tjata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tiata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.thata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tgata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tfata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.teata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tcata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tbata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.taata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t9ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t8ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t7ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t6ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t5ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t4ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t3ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t2ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t1ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ESTisb
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3af4f4faa80e0c21f01b722b50f67ac1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 768B - Virtual size: 716B

sosata2 Size: 128B - Virtual size: 28B

sosata1 Size: 4KB - Virtual size: 4KB

t12ata Size: 256B - Virtual size: 256B

t11ata Size: 256B - Virtual size: 256B

tzata Size: 256B - Virtual size: 256B

tyata Size: 256B - Virtual size: 256B

txata Size: 256B - Virtual size: 256B

twata Size: 256B - Virtual size: 256B

tvata Size: 256B - Virtual size: 256B

tuata Size: 256B - Virtual size: 256B

ttata Size: 256B - Virtual size: 256B

tsata Size: 256B - Virtual size: 256B

trata Size: 256B - Virtual size: 256B

tqata Size: 256B - Virtual size: 256B

tpata Size: 256B - Virtual size: 256B

.toata Size: 256B - Virtual size: 256B

.tnata Size: 256B - Virtual size: 256B

.tmata Size: 256B - Virtual size: 256B

.tlata Size: 256B - Virtual size: 256B

.tkata Size: 256B - Virtual size: 256B

.tjata Size: 256B - Virtual size: 256B

.tiata Size: 256B - Virtual size: 256B

.thata Size: 256B - Virtual size: 256B

.tgata Size: 256B - Virtual size: 256B

.tfata Size: 256B - Virtual size: 256B

.teata Size: 256B - Virtual size: 256B

.tdata Size: 256B - Virtual size: 256B

.tcata Size: 256B - Virtual size: 256B

.tbata Size: 256B - Virtual size: 256B

.taata Size: 256B - Virtual size: 256B

.t9ata Size: 256B - Virtual size: 256B

.t8ata Size: 256B - Virtual size: 256B

.t7ata Size: 256B - Virtual size: 256B

.t6ata Size: 256B - Virtual size: 256B

.t5ata Size: 256B - Virtual size: 256B

.t4ata Size: 256B - Virtual size: 256B

.t3ata Size: 256B - Virtual size: 256B

.t2ata Size: 256B - Virtual size: 256B

.t1ata Size: 512B - Virtual size: 512B

.ESTisb Size: 2KB - Virtual size: 2KB

INIT Size: 1024B - Virtual size: 996B

.reloc Size: 896B - Virtual size: 832B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 768B - Virtual size: 716B

sosata2
Size: 128B - Virtual size: 28B

sosata1
Size: 4KB - Virtual size: 4KB

t12ata
Size: 256B - Virtual size: 256B

t11ata
Size: 256B - Virtual size: 256B

tzata
Size: 256B - Virtual size: 256B

tyata
Size: 256B - Virtual size: 256B

txata
Size: 256B - Virtual size: 256B

twata
Size: 256B - Virtual size: 256B

tvata
Size: 256B - Virtual size: 256B

tuata
Size: 256B - Virtual size: 256B

ttata
Size: 256B - Virtual size: 256B

tsata
Size: 256B - Virtual size: 256B

trata
Size: 256B - Virtual size: 256B

tqata
Size: 256B - Virtual size: 256B

tpata
Size: 256B - Virtual size: 256B

.toata
Size: 256B - Virtual size: 256B

.tnata
Size: 256B - Virtual size: 256B

.tmata
Size: 256B - Virtual size: 256B

.tlata
Size: 256B - Virtual size: 256B

.tkata
Size: 256B - Virtual size: 256B

.tjata
Size: 256B - Virtual size: 256B

.tiata
Size: 256B - Virtual size: 256B

.thata
Size: 256B - Virtual size: 256B

.tgata
Size: 256B - Virtual size: 256B

.tfata
Size: 256B - Virtual size: 256B

.teata
Size: 256B - Virtual size: 256B

.tdata
Size: 256B - Virtual size: 256B

.tcata
Size: 256B - Virtual size: 256B

.tbata
Size: 256B - Virtual size: 256B

.taata
Size: 256B - Virtual size: 256B

.t9ata
Size: 256B - Virtual size: 256B

.t8ata
Size: 256B - Virtual size: 256B

.t7ata
Size: 256B - Virtual size: 256B

.t6ata
Size: 256B - Virtual size: 256B

.t5ata
Size: 256B - Virtual size: 256B

.t4ata
Size: 256B - Virtual size: 256B

.t3ata
Size: 256B - Virtual size: 256B

.t2ata
Size: 256B - Virtual size: 256B

.t1ata
Size: 512B - Virtual size: 512B

.ESTisb
Size: 2KB - Virtual size: 2KB

INIT
Size: 1024B - Virtual size: 996B

.reloc
Size: 896B - Virtual size: 832B