9e367a05a6c6c8c0a7d7b6b22004041649863a87cd7b4ead7bf56337d46e1a5b

General

Target

9e367a05a6c6c8c0a7d7b6b22004041649863a87cd7b4ead7bf56337d46e1a5b
Size

32KB
MD5

921528610afc0a5ce3309377b030da73
SHA1

6b6aefcd8bbd385c7687155ee4c28adc9d5f9568
SHA256

9e367a05a6c6c8c0a7d7b6b22004041649863a87cd7b4ead7bf56337d46e1a5b
SHA512

4a9f7bfa8d88e06caa389ef218fdaa756784a3a1c177a705363b260ee8873f79e775030306eb7ec1f089ab35a209bc3d8971345e86aded8cc5b7fb6958cef395
SSDEEP

768:mkXWcPmZNa0i8E+Wwdbez9fGZm7hZLjHUYHGfL2fFBq+Cihp0LPWe5ama:1XWcPmRi8E+WwdM9fGZm7h5YYmD2fmbQ

Score

N/A

Malware Config

Signatures

Files

9e367a05a6c6c8c0a7d7b6b22004041649863a87cd7b4ead7bf56337d46e1a5b
.exe windows x86

915d5372810d529d49b8c312075d7dae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
MmIsAddressValid
PsLookupProcessByProcessId
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
IofCompleteRequest
IoDetachDevice
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
KeInitializeEvent
IoDeleteDevice
PsGetVersion
IoCreateDevice
InterlockedDecrement
ExFreePool
KeSetEvent
KeWaitForSingleObject
IofCallDriver
IoCreateFile
IoFreeIrp
MmUnmapViewOfSection
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
InterlockedIncrement
IoIsWdmVersionAvailable
RtlCopyUnicodeString
ExAllocatePoolWithTag
RtlFreeUnicodeString
IoSetDeviceInterfaceState
PoCallDriver
PoStartNextPowerIrp
InterlockedExchange
KeClearEvent
KeInitializeSpinLock
_except_handler3
ObOpenObjectByPointer
ZwTerminateProcess
KeAttachProcess
KeGetCurrentThread
KeDetachProcess

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

915d5372810d529d49b8c312075d7dae

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 128B - Virtual size: 36B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 888B

.reloc Size: 640B - Virtual size: 626B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 128B - Virtual size: 36B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 888B

.reloc
Size: 640B - Virtual size: 626B