3d5a62f13671e9ecea4e799db94c5beff063c5f006cf73ec50c2338412f361f7

General

Target

3d5a62f13671e9ecea4e799db94c5beff063c5f006cf73ec50c2338412f361f7
Size

20KB
MD5

920261a4bb6227a8fe6681d235ff625f
SHA1

9b4395173eb41b5b32acba36f77c539586927e65
SHA256

3d5a62f13671e9ecea4e799db94c5beff063c5f006cf73ec50c2338412f361f7
SHA512

962e838cc460df82d26a90ea69dfe78e02b84182d2f0c5ee538c4ac43e777842192798039402c4ec3f4d0263cf6d9c7620f03dd78ebff011524209dd611cb689
SSDEEP

384:eAFi95OQXSRADb47LTvTGtJliB9P/JJ92akjkW781gW:eAF6vDbgSniBujC1

Score

N/A

Malware Config

Signatures

Files

3d5a62f13671e9ecea4e799db94c5beff063c5f006cf73ec50c2338412f361f7
.exe windows x86

72c7339afb9d9cb176dcb326a40f225c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
RtlFindLongestRunClear
CcGetLsnForFileObject
strcmp
strlen
ZwDisplayString
DbgPrint
KeInsertQueueDpc
IoWritePartitionTableEx
FsRtlInitializeMcb
RtlReserveChunk
READ_REGISTER_BUFFER_ULONG
RtlInt64ToUnicodeString
ExInitializeRundownProtection
ZwCreateFile
RtlAppendUnicodeStringToString
FsRtlIsNtstatusExpected
ExAllocatePool
memcpy
NtDuplicateObject
IoReportResourceForDetection
NtAllocateUuids
KdDebuggerEnabled
FsRtlNotifyFilterChangeDirectory
KeStackAttachProcess
RtlImageNtHeader
IoCreateSymbolicLink
CcInitializeCacheMap
ZwQueryInformationProcess
CcGetDirtyPages
MmIsAddressValid
ExFreePoolWithTag
PsRestoreImpersonation

Exports

Exports

UixIxexSlawkqmFd
Cjaogc
Wqnkgb

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 909B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c7339afb9d9cb176dcb326a40f225c

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 909B

.reloc Size: 512B - Virtual size: 78B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 909B

.reloc
Size: 512B - Virtual size: 78B

.rsrc
Size: 3KB - Virtual size: 2KB