fbdafb5c919841f268561887609100195d7d6d994333a1fb570e14350b02fa0a

General

Target

fbdafb5c919841f268561887609100195d7d6d994333a1fb570e14350b02fa0a
Size

64KB
MD5

60de5781260db62a1ee539564fd23562
SHA1

526df39cb98a3d5549a20c363b6e2c24c3790a25
SHA256

fbdafb5c919841f268561887609100195d7d6d994333a1fb570e14350b02fa0a
SHA512

95340c203b1c42e0c6afb4c476ae7d15ff1447bbb1514588932f164a5f7af2e512516e048b0d804708e3bdf91d9fd7df9fef2b56e9c65f9c4f54d3a34acd5c42
SSDEEP

1536:1aUVWx20VoZJdVFEmO5G2D/xxGTwYkoeoL6fwit4+fS:YUI20iZJdVFEmO5G27xxGTwYBL6h1a

Score

N/A

Malware Config

Signatures

Files

fbdafb5c919841f268561887609100195d7d6d994333a1fb570e14350b02fa0a
.exe windows x86

0f83e0f06b17ab63d286e457d673985c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
ExFreePool
ZwClose
PsSetLoadImageNotifyRoutine
ZwQuerySystemInformation
ExAllocatePoolWithTag
_stricmp
strncpy
strchr
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
IofCallDriver
IofCompleteRequest
_strnicmp
IoGetRequestorProcess
PsGetVersion
ProbeForRead
_except_handler3
IoGetCurrentProcess
RtlCompareUnicodeString
ObfDereferenceObject
ObQueryNameString
ZwUnmapViewOfSection
ZwOpenKey
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strncmp
ZwQueryDirectoryFile
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
InterlockedExchange
KeServiceDescriptorTable
IoAttachDeviceToDeviceStack
IoCreateDevice
IoGetDeviceObjectPointer
IoDeleteDevice
IoDetachDevice
ExReleaseFastMutexUnsafe
IoCreateSymbolicLink
ExAcquireFastMutexUnsafe
IoDeleteSymbolicLink
KeInitializeEvent
KeTickCount
KeBugCheckEx
ObReferenceObjectByHandle
_wcsicmp

hal

KfAcquireSpinLock

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f83e0f06b17ab63d286e457d673985c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 8KB - Virtual size: 8KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 8KB - Virtual size: 8KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB