e23e9266c48c8999cfed4c78a67eb11cb01f9f299f047907074fc9060b53654e

General

Target

e23e9266c48c8999cfed4c78a67eb11cb01f9f299f047907074fc9060b53654e
Size

35KB
MD5

80df74a2fcf2f4e9c2c979e091e7b700
SHA1

0bbada7e6c10eca60f088e542ee70c16af43808a
SHA256

e23e9266c48c8999cfed4c78a67eb11cb01f9f299f047907074fc9060b53654e
SHA512

f35d3a9971d75ae2589ca02438385f3de8d0570b077495c39d53eb166c9ea3f7f468cc4c84a27dd090cdd382f2b99c7f8659feb93562be012251c5e531fd681e
SSDEEP

768:wf2GYc4oQZYKXVHm1a0FB1WeVpDGgMD1ph7r0:w3QZYgsNieagM/h7A

Score

N/A

Malware Config

Signatures

Files

e23e9266c48c8999cfed4c78a67eb11cb01f9f299f047907074fc9060b53654e
.exe windows x86

8727d4c7a021c714307f0555e03acf37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

rand
ZwSetInformationProcess
memchr
CcPreparePinWrite
_allshl
ExExtendZone
ExFreePoolWithTag
isspace
ZwSetInformationFile
IoGetDeviceAttachmentBaseRef
isupper
RtlFreeRangeList
towlower
RtlAreBitsClear
MmFreeContiguousMemorySpecifyCache
FsRtlIsHpfsDbcsLegal
PsImpersonateClient
RtlImageNtHeader
DbgPrint
IoWMIHandleToInstanceName
ExAllocatePool
strspn
ZwOpenThreadToken
sprintf
strcmp
ExFreeToPagedLookasideList
memcpy
FsRtlGetFileSize
FsRtlMdlReadComplete
IoStatisticsLock

Exports

Exports

YwGrqxRxypwc
MzRioixnVihbluXx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data2
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8727d4c7a021c714307f0555e03acf37

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.INIT Size: 1024B - Virtual size: 710B

.rdata Size: 15KB - Virtual size: 14KB

.data1 Size: - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.data2 Size: 512B - Virtual size: 164B

.reloc Size: 512B - Virtual size: 124B

.text
Size: 13KB - Virtual size: 13KB

.INIT
Size: 1024B - Virtual size: 710B

.rdata
Size: 15KB - Virtual size: 14KB

.data1
Size: - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.data2
Size: 512B - Virtual size: 164B

.reloc
Size: 512B - Virtual size: 124B