135b0ab608b95b74c2d37d228ba6d3572e172d505257d6bfb03da956c8416054

General

Target

135b0ab608b95b74c2d37d228ba6d3572e172d505257d6bfb03da956c8416054
Size

20KB
MD5

0ff4f7b7192195392304432c28d78477
SHA1

16379f93866160c745182780e91f282828347e20
SHA256

135b0ab608b95b74c2d37d228ba6d3572e172d505257d6bfb03da956c8416054
SHA512

6ca44d1156a327d2cfec0c9dfdc15fc1ac680eff1ace98d3e65d4e1002a9d1e77fcb11536f30fa8bb46a1acd6390dbba2661bade3545e052d8eb519b382224d1
SSDEEP

384:QeOyq0p9+JThNk5QLJgI9Lhj7LYOPNunW1WkW781gW:Qe3dWhiQNgCLhpEC1

Score

N/A

Malware Config

Signatures

Files

135b0ab608b95b74c2d37d228ba6d3572e172d505257d6bfb03da956c8416054
.exe windows x86

d7d82f916a1e3880c0704753df39a1a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
RtlFindLongestRunClear
CcGetFlushedValidData
ZwSetInformationFile
memcpy
ZwDisplayString
ExFreePoolWithTag
KeInsertQueueDpc
IoWritePartitionTableEx
FsRtlInitializeMcb
RtlReserveChunk
READ_REGISTER_BUFFER_ULONG
RtlInt64ToUnicodeString
ExInitializeRundownProtection
ZwCreateFile
RtlAppendUnicodeStringToString
FsRtlIsNtstatusExpected
strlen
DbgPrint
NtDuplicateObject
IoReportResourceForDetection
NtAllocateUuids
KdDebuggerEnabled
FsRtlNotifyFilterChangeDirectory
KeStackAttachProcess
RtlImageNtHeader
IoCreateSymbolicLink
ExAllocatePool
strcmp
CcGetDirtyPages
MmIsAddressValid
CcGetFileObjectFromSectionPtrs
PsRestoreImpersonation

Exports

Exports

IpizcfAcmvvdWqu
OsvFuvvGhbfDn
GfeKmpxvAbljKm

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d82f916a1e3880c0704753df39a1a2

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 914B

.reloc Size: 512B - Virtual size: 88B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 914B

.reloc
Size: 512B - Virtual size: 88B

.rsrc
Size: 3KB - Virtual size: 2KB