41a1e14d16234f7be4e09ab52ed18dfeb52dbe9d8f2345d40e90981e9a0e4bf3

General

Target

41a1e14d16234f7be4e09ab52ed18dfeb52dbe9d8f2345d40e90981e9a0e4bf3
Size

35KB
MD5

90bc37039473d3d5ddd22c36429e4d50
SHA1

0ce2307de48381bc9028e6387e0520580dbcd586
SHA256

41a1e14d16234f7be4e09ab52ed18dfeb52dbe9d8f2345d40e90981e9a0e4bf3
SHA512

07539a78713cd4b2081148f61acd8b47dbcaaf44871d9cdb89a6b7413357157963ef3e39c7b970692abb280e47e4673bdfa0d9bd2a74a89daba9c56278477b5c
SSDEEP

384:M6x2oVKCcK+jAamWRXRXjrYKx7Zlub3EGTXVWH4qu:zh+KZkxjrz7Za1hkI

Score

N/A

Malware Config

Signatures

Files

41a1e14d16234f7be4e09ab52ed18dfeb52dbe9d8f2345d40e90981e9a0e4bf3
.exe windows x86

1ee6f459521c3fd92ed83e85a9fbb11c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObOpenObjectByPointer
KeDetachProcess
ZwTerminateProcess
KeAttachProcess
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePool
DbgPrint
PsLookupProcessByProcessId
memcpy
RtlFreeUnicodeString
wcsstr
RtlUpcaseUnicodeString
RtlInitUnicodeString
ZwQueryInformationFile
ZwEnumerateKey
ZwEnumerateValueKey
MmGetSystemRoutineAddress
KeServiceDescriptorTable
ZwReadFile
ZwCreateFile
ZwOpenFile
ZwDeleteFile
RtlQueryRegistryValues
ObfDereferenceObject
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
NtMapViewOfSection
ZwAllocateVirtualMemory
MmSectionObjectType
memmove
ZwUnmapViewOfSection
_stricmp
ZwMapViewOfSection
PsGetCurrentProcessId
ZwOpenSection
KeDelayExecutionThread
PsCreateSystemThread
KeTickCount
KeBugCheckEx
ZwClose
ZwWriteFile
memset
RtlUnwind

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ee6f459521c3fd92ed83e85a9fbb11c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 12KB - Virtual size: 11KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 12KB - Virtual size: 11KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB