0f309c9420700ccdc038100a62b64ec74a9cf4369a360e663d7c6b4e0c3d7b6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f309c9420700ccdc038100a62b64ec74a9cf4369a360e663d7c6b4e0c3d7b6f
Size

73KB
MD5

4335fc35d700c7ecfb2e00335704268b
SHA1

404800f435fd947b1f6f5d9392fd216570f08532
SHA256

0f309c9420700ccdc038100a62b64ec74a9cf4369a360e663d7c6b4e0c3d7b6f
SHA512

ec07d17904f87c0337cd0bad7db00a8dd5431ed86294207f590c626156957405bfcca2656dcb8f15f6caf5514f1906ec865d1d58809e888a622305b8373eb3f0
SSDEEP

1536:H9AIi7ouKfGZJ2WL7SuzouK5WTm008VwZ51laJ1:mIgNKfGXL7SpV008VwZ5101

Score

N/A

Malware Config

Signatures

Files

0f309c9420700ccdc038100a62b64ec74a9cf4369a360e663d7c6b4e0c3d7b6f
.dll windows x86

1c03abd126f55568954b5b603b08b80d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeQueryPerformanceCounter

ntoskrnl.exe

IoDeleteDevice
RtlLengthSid
RtlxOemStringToUnicodeSize
ObOpenObjectByPointer
MmPageEntireDriver
ZwQueryKey
ExFreePoolWithTag
ExSetTimerResolution
RtlxUnicodeStringToAnsiSize
KeStackAttachProcess
ZwOpenSymbolicLinkObject
PsIsThreadTerminating
KeQueryActiveProcessors
RtlInitAnsiString
SeTokenIsRestricted
RtlTimeToTimeFields
SeSetSecurityDescriptorInfo
MmFreeContiguousMemory
RtlAnsiCharToUnicodeChar
CcIsThereDirtyData
MmCanFileBeTruncated
RtlInsertUnicodePrefix
IoGetStackLimits
IoSetHardErrorOrVerifyDevice
MmFreeNonCachedMemory
IoGetDeviceObjectPointer
IoReportResourceForDetection
ExDeleteNPagedLookasideList
KeInitializeEvent
IoReleaseVpbSpinLock
MmGetSystemRoutineAddress

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ