0787a5084b0c2febd5ec545e3b4e0cbc3b1ebd616a6d58faf5df6339d9d39e3e

Sharing

Copy URL Twitter E-mail

General

Target

0787a5084b0c2febd5ec545e3b4e0cbc3b1ebd616a6d58faf5df6339d9d39e3e
Size

36KB
MD5

74c3b3d546392909d6a7f184ff2aec40
SHA1

13c3ec0099c4ee33fbf2dcc60e88fca283cfbb5a
SHA256

0787a5084b0c2febd5ec545e3b4e0cbc3b1ebd616a6d58faf5df6339d9d39e3e
SHA512

0045d8b2355614e17b85f2fc69ec543b46be84f2df93a7d1e0c99d7b4175dde96b62eba921c14fad2a138c589cb6913cdfbb66eba0da105d03098f116f6bf913
SSDEEP

768:kETMk2tNLU2ZMqKmKu3zo/JKvm/bdZ4HWHNOUxRIlTrtOD:kETz23QhZOYNOUxRsTrc

Score

N/A

Malware Config

Signatures

Files

0787a5084b0c2febd5ec545e3b4e0cbc3b1ebd616a6d58faf5df6339d9d39e3e
.exe windows x86

2769513dd3e9ea94d95f5e9b94fd7baf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsicmp
ExFreePool
ExSystemTimeToLocalTime
KeQuerySystemTime
ExAllocatePoolWithTag
_except_handler3
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
strstr
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
IoCreateDevice
IoRegisterFsRegistrationChange
ExInitializeNPagedLookasideList
KeInitializeSpinLock
IoDeleteSymbolicLink
IoCreateSymbolicLink
ExInitializePagedLookasideList
DbgBreakPoint
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IoDetachDevice
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
PsGetCurrentThreadId
PsGetCurrentProcessId
IoAttachDeviceToDeviceStack
IoFreeIrp
ObfReferenceObject
KeDelayExecutionThread
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
_wcsnicmp
RtlEqualUnicodeString
DbgPrint
KeGetCurrentThread
IoAllocateIrp
ZwClose
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
wcslen
KeTickCount
KeBugCheckEx
IoDeleteDevice
ObfDereferenceObject
IofCompleteRequest
ExQueueWorkItem
InterlockedIncrement
KeSetEvent
sprintf
RtlVolumeDeviceToDosName
memmove
_snwprintf
ObQueryNameString
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
IoGetTopLevelIrp

hal

KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2769513dd3e9ea94d95f5e9b94fd7baf

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 9KB - Virtual size: 9KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 9KB - Virtual size: 9KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB