269803a78e9b4ca65860fa9ee258965a3e27ab4af103aa1ac7419ec050dab142

Sharing

Copy URL Twitter E-mail

General

Target

269803a78e9b4ca65860fa9ee258965a3e27ab4af103aa1ac7419ec050dab142
Size

73KB
MD5

73d623136026fb412352b00aad02e4c0
SHA1

fefd03594bfd1365f59f19b68a625b67f11ff2b7
SHA256

269803a78e9b4ca65860fa9ee258965a3e27ab4af103aa1ac7419ec050dab142
SHA512

b26d4f892537ff23fc9f869239f0c279bea791648558f7784d0dce3c7803fb010dbfc003e36148efec7ae78561f93747b5ce07cb1e619fd1b4bc76b9fe052168
SSDEEP

768:B6Yhzmt92ax+Ui2Yi5MCSvw+FzjBwO2DzV0xXoszRRyl9ew8PB3ub/QV85:wiA92axbtYiL+pNPO0B9RXXPg4G

Score

N/A

Malware Config

Signatures

Files

269803a78e9b4ca65860fa9ee258965a3e27ab4af103aa1ac7419ec050dab142
.dll windows x86

705bcceecb8fbef90f77653060643145

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
RtlSubAuthoritySid
_allmul
CcFastCopyRead
KeSetKernelStackSwapEnable
MmLockPagableDataSection
ZwOpenFile
IoSetHardErrorOrVerifyDevice
ObfDereferenceObject
RtlAppendStringToString
RtlFindLeastSignificantBit
PoRequestPowerIrp
PsReturnPoolQuota
CcUnpinDataForThread
MmForceSectionClosed
ExRaiseAccessViolation
IoGetDeviceInterfaceAlias
PsGetVersion
MmFreeMappingAddress
RtlAppendUnicodeToString
RtlNtStatusToDosError
ZwMakeTemporaryObject
PoUnregisterSystemState
CcUnpinData
IoCreateStreamFileObject
KeInitializeDpc
strlen
RtlGUIDFromString
IoAcquireRemoveLockEx
MmProbeAndLockProcessPages
IoReleaseVpbSpinLock
CcPurgeCacheSection
RtlFindNextForwardRunClear
ExDeleteNPagedLookasideList
IoWMIWriteEvent
IoInvalidateDeviceRelations
KeQueryActiveProcessors
IoDeleteSymbolicLink
KeGetCurrentThread
CcCopyRead
RtlInitializeSid
wcsstr
KeDetachProcess
IoGetAttachedDevice
IoInitializeTimer
IoDeleteDevice
PsGetProcessId
KeBugCheck
KeInitializeApc
ZwCreateSection
_aulldiv
MmFreePagesFromMdl
CcCanIWrite
RtlSetDaclSecurityDescriptor
ZwSetSecurityObject
PsGetThreadId
PsImpersonateClient
SeValidSecurityDescriptor
IoCheckShareAccess
FsRtlIsDbcsInExpression
_wcsicmp
IoRegisterDeviceInterface
SeAppendPrivileges
IoCreateSymbolicLink
RtlQueryRegistryValues
CcUninitializeCacheMap
KeReleaseMutex

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psikif
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hodta
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cud
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

705bcceecb8fbef90f77653060643145

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 32KB - Virtual size: 32KB

.psikif Size: 512B - Virtual size: 272B

.hodta Size: 3KB - Virtual size: 8KB

.data Size: 17KB - Virtual size: 17KB

.reloc Size: 1KB - Virtual size: 1KB

.cud Size: 512B - Virtual size: 16B

.text
Size: 32KB - Virtual size: 32KB

.psikif
Size: 512B - Virtual size: 272B

.hodta
Size: 3KB - Virtual size: 8KB

.data
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1KB - Virtual size: 1KB

.cud
Size: 512B - Virtual size: 16B