541586c3642bd740d750f76707680766a9b0b64fbab7d33d0d73a3d0b5d6ae01

Sharing

Copy URL Twitter E-mail

General

Target

541586c3642bd740d750f76707680766a9b0b64fbab7d33d0d73a3d0b5d6ae01
Size

63KB
MD5

69d9ff8569b0f077335edaeeeb491234
SHA1

8e9706a3d0a602ac0e16c9c71080ae4182189fa3
SHA256

541586c3642bd740d750f76707680766a9b0b64fbab7d33d0d73a3d0b5d6ae01
SHA512

3179f8456d453ca64a7586b08b617581f735af33043c9196db34c4aba08016e551acb9baf8f541567406f950dd155b7311b4d6c0b30461fce71edf618085407b
SSDEEP

768:FkTOK7sYRj9AYu48sSJoGFmccEaZVIjIP9L5MFVDhKroFEFVaJ+ZM5ZYsz7aQ4ud:F4OiEGmJtmskb96FNYroFEFUJ+uhzGC

Score

N/A

Malware Config

Signatures

Files

541586c3642bd740d750f76707680766a9b0b64fbab7d33d0d73a3d0b5d6ae01
.dll windows x86

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwAllocateVirtualMemory
PsTerminateSystemThread
RtlEqualUnicodeString
IoReleaseRemoveLockEx
IoSetHardErrorOrVerifyDevice
SeDeleteObjectAuditAlarm
ZwQueryObject
IoUpdateShareAccess
CcPinMappedData
ObReferenceObjectByPointer
RtlCopyUnicodeString
KeInitializeDpc
ExFreePool
MmHighestUserAddress
ProbeForRead
ZwUnloadDriver
ExReinitializeResourceLite
MmFreeContiguousMemory
CcUnpinRepinnedBcb
KeSetBasePriorityThread
MmLockPagableSectionByHandle
CcUninitializeCacheMap
MmAllocateMappingAddress
KeRemoveQueue
IoVolumeDeviceToDosName
RtlSplay
MmFreeMappingAddress
IoSetThreadHardErrorMode
KeSetTimerEx
RtlAreBitsSet
KeQueryActiveProcessors
ZwOpenSection
IoCreateStreamFileObjectLite
RtlFreeOemString
SeAccessCheck
PoRegisterSystemState
IoCancelIrp
MmFlushImageSection
FsRtlIsTotalDeviceFailure
IoGetCurrentProcess
IoCreateDevice
MmProbeAndLockProcessPages
CcUnpinData
SeAppendPrivileges
PoSetSystemState
ExRegisterCallback
KeInitializeTimerEx
KeClearEvent
ObInsertObject
KeInsertDeviceQueue
KeRegisterBugCheckCallback
KeSetKernelStackSwapEnable
RtlCreateSecurityDescriptor
KeGetCurrentThread
KeRemoveQueueDpc
CcPinRead
IoAcquireRemoveLockEx
IoWMIWriteEvent
ExNotifyCallback
ExReleaseFastMutexUnsafe
IoAllocateIrp
RtlPrefixUnicodeString
IoInitializeIrp
RtlAnsiCharToUnicodeChar
RtlLengthRequiredSid
ObCreateObject
RtlSecondsSince1970ToTime
IoGetTopLevelIrp
RtlDeleteElementGenericTable
IoRaiseHardError
RtlCompareMemory
MmAllocateContiguousMemory
RtlInitializeUnicodePrefix
RtlInitializeGenericTable
FsRtlSplitLargeMcb

Exports

Exports

?CrtStringW@@YGPAIPA_NPAJKG<V
?SendCommandLineExW@@YGNPANNPAMI<V
?RtlPathOriginal@@YGPAFPAMMPAE<V
?DecrementCommandLineNew@@YGHE<V
?HideMessageEx@@YGPA_NE<V
?CallProjectNew@@YGIPAMK<V

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 872B