aeb3cc006ae8039c3ea0b71bef746214e3ce3a6c795e545fda4fd9d7e27e7e08

General

Target

aeb3cc006ae8039c3ea0b71bef746214e3ce3a6c795e545fda4fd9d7e27e7e08
Size

22KB
MD5

918170924114c784fc88970b776912ac
SHA1

00725fa829b19880824c81d349d3fcf2a1af8de9
SHA256

aeb3cc006ae8039c3ea0b71bef746214e3ce3a6c795e545fda4fd9d7e27e7e08
SHA512

e1c5d1f1c0a0ea5fbcedd08d60bbecfaf447fdec1d69fe3e93c20af285022ec6393b4379ae1c4ef174ea35e34cb1240b40bccdb51d88c55dea76773d28230e8c
SSDEEP

384:1cMBzqmv/HQ+dtVCEQWhY5lyh1ZS/Quv1ZB/D44LcP4O//YBcG2A:1cMNo+dtVCqhY5AVSNt4ScQO/w2GB

Score

N/A

Malware Config

Signatures

Files

aeb3cc006ae8039c3ea0b71bef746214e3ce3a6c795e545fda4fd9d7e27e7e08
.dll windows x64

b3c0656bdb0e88910304cb5e9cd57592

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlImageNtHeader
RtlImageDirectoryEntryToData
IoAllocateIrp
IoAllocateMdl
MmProbeAndLockPages
KeInitializeEvent
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
ExFreePoolWithTag
FsRtlAllocatePool
IofCompleteRequest
KeStackAttachProcess
strchr
_snwprintf
RtlInitUnicodeString
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
ZwAllocateVirtualMemory
_snprintf
PsWrapApcWow64Thread
KeInitializeApc
KeInsertQueueApc
ZwUnmapViewOfSection
ZwClose
KeUnstackDetachProcess
ZwOpenProcess
PsGetProcessImageFileName
KeSetEvent
IoGetCurrentProcess
PsGetCurrentProcessId
IoIs32bitProcess
ExQueueWorkItem
FsRtlIsNameInExpression
PsGetProcessPeb
ZwOpenKey
ZwQueryValueKey
wcsstr
ZwSetValueKey
ObfReferenceObject
ObMakeTemporaryObject
ObReferenceObjectByName
IoDriverObjectType
IoCreateDevice
ObfDereferenceObject
ObQueryNameString
RtlRandom
IoCreateDriver
ZwReadFile
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
ZwDeviceIoControlFile
ObReferenceObjectByHandle
ZwCreateFile
ZwWriteFile
RtlWriteRegistryValue
strncpy
_strnicmp
FsRtlInitializeFileLock
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlProcessFileLock
strrchr
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
KeLeaveCriticalRegion
NtLockFile
ZwQueryInformationFile
_strlwr
strstr
ZwFreeVirtualMemory

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3c0656bdb0e88910304cb5e9cd57592

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 40KB

.pdata Size: 1024B - Virtual size: 516B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 40KB

.pdata
Size: 1024B - Virtual size: 516B