54e287ed769e5e57a0528f46cff9202c2601d898f4df74cdf88de3b5306310ca

General

Target

54e287ed769e5e57a0528f46cff9202c2601d898f4df74cdf88de3b5306310ca
Size

267KB
MD5

a3a0f688779cb05594f91b459e21d52e
SHA1

663152085c8213d31ad52233e633546a70a2226d
SHA256

54e287ed769e5e57a0528f46cff9202c2601d898f4df74cdf88de3b5306310ca
SHA512

6f674d03ebefd9ab3f0df5e9562f8d3e65c8c4bc5188be15cb83072799a0e4b2f20afd2363ee689bbca1959aefa9aac86dff1769f6074c9dfea1dad470e201e3
SSDEEP

6144:vvIpxWOCCwVwette322cmfGSwk/Nj1uni:vMKCLOS

Score

N/A

Malware Config

Signatures

Files

54e287ed769e5e57a0528f46cff9202c2601d898f4df74cdf88de3b5306310ca
.dll windows x86

d91fc92bb805630b812c3f3b8baeace0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetRelatedDeviceObject
MmCanFileBeTruncated
ZwSetSecurityObject
IoGetRequestorProcess
RtlFillMemoryUlong
CcFlushCache
RtlExtendedIntegerMultiply
PsRevertToSelf
MmResetDriverPaging
IoInitializeRemoveLockEx
FsRtlNotifyUninitializeSync
IoStartNextPacket
KeReleaseMutex
IoInvalidateDeviceState
RtlDelete
RtlQueryRegistryValues
RtlCreateAcl
ObReferenceObjectByHandle
ZwReadFile
RtlSetDaclSecurityDescriptor
IoCheckEaBufferValidity
PsSetLoadImageNotifyRoutine
ExReleaseResourceLite
ZwWriteFile
ExDeleteNPagedLookasideList
IoReuseIrp
MmFreeNonCachedMemory
RtlSubAuthoritySid
strlen
RtlCheckRegistryKey
KeInitializeQueue
ObQueryNameString
IoGetStackLimits
PsGetProcessId
SeSetSecurityDescriptorInfo
PoCallDriver
IoQueryFileInformation

Sections

.fgghg
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uytu
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmem
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d91fc92bb805630b812c3f3b8baeace0

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.fgghg Size: 1024B - Virtual size: 776B

.text Size: 29KB - Virtual size: 29KB

.uytu Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 876B

.vmem Size: - Virtual size: 8KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 1KB - Virtual size: 1KB

.fgghg
Size: 1024B - Virtual size: 776B

.text
Size: 29KB - Virtual size: 29KB

.uytu
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 876B

.vmem
Size: - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 1KB - Virtual size: 1KB