764824db9f863d719e5b2e702028f5f617e11edec7e63d733d8f2fb580f062c1

Sharing

Copy URL Twitter E-mail

General

Target

764824db9f863d719e5b2e702028f5f617e11edec7e63d733d8f2fb580f062c1
Size

72KB
MD5

5af8af583133faca92c2b96fec27a916
SHA1

6972794b1eb856c5d54c68f0b3aee8bd7981fd3c
SHA256

764824db9f863d719e5b2e702028f5f617e11edec7e63d733d8f2fb580f062c1
SHA512

9b90e7704faf82b7ea271688296b61b6c16ebc62df678f67db129a77784083f49d5919e2d0a6eb0e97b4b75034f1be378115adb6d2de5d4138292224990c9d93
SSDEEP

1536:84OiEGmJtmskb96FNYroFEFUJ+u15w8xJXO3O:8qx8WF2+Uq8x0e

Score

N/A

Malware Config

Signatures

Files

764824db9f863d719e5b2e702028f5f617e11edec7e63d733d8f2fb580f062c1
.dll windows x86

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwAllocateVirtualMemory
PsTerminateSystemThread
RtlEqualUnicodeString
IoReleaseRemoveLockEx
IoSetHardErrorOrVerifyDevice
SeDeleteObjectAuditAlarm
ZwQueryObject
IoUpdateShareAccess
CcPinMappedData
ObReferenceObjectByPointer
RtlCopyUnicodeString
KeInitializeDpc
ExFreePool
MmHighestUserAddress
ProbeForRead
ZwUnloadDriver
ExReinitializeResourceLite
MmFreeContiguousMemory
CcUnpinRepinnedBcb
KeSetBasePriorityThread
MmLockPagableSectionByHandle
CcUninitializeCacheMap
MmAllocateMappingAddress
KeRemoveQueue
IoVolumeDeviceToDosName
RtlSplay
MmFreeMappingAddress
IoSetThreadHardErrorMode
KeSetTimerEx
RtlAreBitsSet
KeQueryActiveProcessors
ZwOpenSection
IoCreateStreamFileObjectLite
RtlFreeOemString
SeAccessCheck
PoRegisterSystemState
IoCancelIrp
MmFlushImageSection
FsRtlIsTotalDeviceFailure
IoGetCurrentProcess
IoCreateDevice
MmProbeAndLockProcessPages
CcUnpinData
SeAppendPrivileges
PoSetSystemState
ExRegisterCallback
KeInitializeTimerEx
KeClearEvent
ObInsertObject
KeInsertDeviceQueue
KeRegisterBugCheckCallback
KeSetKernelStackSwapEnable
RtlCreateSecurityDescriptor
KeGetCurrentThread
KeRemoveQueueDpc
CcPinRead
IoAcquireRemoveLockEx
IoWMIWriteEvent
ExNotifyCallback
ExReleaseFastMutexUnsafe
IoAllocateIrp
RtlPrefixUnicodeString
IoInitializeIrp
RtlAnsiCharToUnicodeChar
RtlLengthRequiredSid
ObCreateObject
RtlSecondsSince1970ToTime
IoGetTopLevelIrp
RtlDeleteElementGenericTable
IoRaiseHardError
RtlCompareMemory
MmAllocateContiguousMemory
RtlInitializeUnicodePrefix
RtlInitializeGenericTable
FsRtlSplitLargeMcb

Exports

Exports

?CrtStringW@@YGPAIPA_NPAJKG<V
?SendCommandLineExW@@YGNPANNPAMI<V
?RtlPathOriginal@@YGPAFPAMMPAE<V
?DecrementCommandLineNew@@YGHE<V
?HideMessageEx@@YGPA_NE<V
?CallProjectNew@@YGIPAMK<V

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 872B