1dea5d2372750ac6f91912a3c8feb4716ff97f89426b9ee5e78d814a05a1d691

Sharing

Copy URL Twitter E-mail

General

Target

1dea5d2372750ac6f91912a3c8feb4716ff97f89426b9ee5e78d814a05a1d691
Size

24KB
MD5

4a0ace40ee3ac3ae29e2c2ea9bb436c0
SHA1

85a0a5d54258306fcd5df7e74d5d87212693f5fd
SHA256

1dea5d2372750ac6f91912a3c8feb4716ff97f89426b9ee5e78d814a05a1d691
SHA512

0417d5768b073cf0478d83371617703e1640fb7fc807a70fb8f6acce0dc3b2976fd33de368d290bdfee12f41beab005b427dce15e415a7a674db83c4bacc22df
SSDEEP

768:s+j7l7l7l7l7l7l7F9vFG7ylk610lYvTBka:scGS0lYv

Score

N/A

Malware Config

Signatures

Files

1dea5d2372750ac6f91912a3c8feb4716ff97f89426b9ee5e78d814a05a1d691
.exe windows x86

65116540cf2c0329d33de5ff97a55179

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwPulseEvent
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
_except_handler3
_stricmp
IofCompleteRequest
ExFreePool
strrchr
ExAllocatePoolWithTag
ObReferenceObjectByHandle
RtlFreeUnicodeString
IoCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoFileObjectType
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s2data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s1data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t1ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ahnisb
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65116540cf2c0329d33de5ff97a55179

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 864B - Virtual size: 836B

.data Size: 4KB - Virtual size: 4KB

.s2data Size: 1KB - Virtual size: 1KB

.s1data Size: 1KB - Virtual size: 1KB

.t1ata Size: 512B - Virtual size: 512B

.ahnisb Size: 2KB - Virtual size: 2KB

INIT Size: 768B - Virtual size: 752B

.reloc Size: 928B - Virtual size: 900B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 864B - Virtual size: 836B

.data
Size: 4KB - Virtual size: 4KB

.s2data
Size: 1KB - Virtual size: 1KB

.s1data
Size: 1KB - Virtual size: 1KB

.t1ata
Size: 512B - Virtual size: 512B

.ahnisb
Size: 2KB - Virtual size: 2KB

INIT
Size: 768B - Virtual size: 752B

.reloc
Size: 928B - Virtual size: 900B