4f296b86304b60fcb7abc2ab4efc3c3814c5b08f21704d976640a9b0f7aca64b

General

Target

4f296b86304b60fcb7abc2ab4efc3c3814c5b08f21704d976640a9b0f7aca64b
Size

32KB
MD5

80f6c20b3631a056bf89c315d1a9b020
SHA1

0faa205ed448dd8fe8e889fd20d55555ac7c6318
SHA256

4f296b86304b60fcb7abc2ab4efc3c3814c5b08f21704d976640a9b0f7aca64b
SHA512

e2b0f4fc347421257df13cd7b97878c839dc67a87d315c7ade13e53225e8ccf04bbde2b27d4bcd499ecbb8db3e1d670d2d2ed507acb0edcb595de05b24edb319
SSDEEP

768:KKYCeQbenVtCn2TOjPv0Uz5ngYilCm5Ym8i:uAMVA2TOLv0UOYil7L8i

Score

N/A

Malware Config

Signatures

Files

4f296b86304b60fcb7abc2ab4efc3c3814c5b08f21704d976640a9b0f7aca64b
.dll windows x86

94e6bf02bbfe18c2f00ac522cfbd29c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
DbgPrint
IoGetCurrentProcess
PsLookupProcessByProcessId
KeAttachProcess
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
_except_handler3
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
NtOpenProcess
ZwDeviceIoControlFile
NtDeviceIoControlFile
ExAllocatePoolWithTag
MmGetPhysicalAddress
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
MmAllocateNonCachedMemory
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ZwOpenSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
PsLookupThreadByThreadId
ExFreePool
ObReferenceObjectByHandle

hal

HalTranslateBusAddress

Exports

Exports

_NtGdiGetPixel_Vir@12

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e6bf02bbfe18c2f00ac522cfbd29c7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 288B

.edata Size: 512B - Virtual size: 82B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 288B

.edata
Size: 512B - Virtual size: 82B

.reloc
Size: 2KB - Virtual size: 1KB