da56011e4a2987d09af04e71e0e6a5e6e2676c8ab265c9cab74afaeeb3c232e9

General

Target

da56011e4a2987d09af04e71e0e6a5e6e2676c8ab265c9cab74afaeeb3c232e9
Size

126KB
MD5

84fb4e783168533b5a17b2bc11b44c36
SHA1

1ce1dd263607d2782ed448478a5e434212154f19
SHA256

da56011e4a2987d09af04e71e0e6a5e6e2676c8ab265c9cab74afaeeb3c232e9
SHA512

6473d47a079179acc15ec0f3cecae497515206794ccf6819066b63b541018763c455b6a8fba8292b8884464b91bd1f77fb0845d1a95bcb68c692a2dd291a97c1
SSDEEP

1536:MqPmLtT55//Pp7u4oGPQZXy3utRULpBWhBTb6qpJQiCSDP:M6iNx/PAaIXy3uolBWTb6qpzD

Score

N/A

Malware Config

Signatures

Files

da56011e4a2987d09af04e71e0e6a5e6e2676c8ab265c9cab74afaeeb3c232e9
.exe windows x86

999f41e086eca4ee9286a98a473467ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwInitiatePowerAction
ExDeletePagedLookasideList
ZwQueryInformationProcess
_alldvrm
ExAcquireResourceExclusiveLite
FsRtlIsNameInExpression
isspace
isupper
RtlFindSetBitsAndClear
IoQueryFileDosDeviceName
ZwDuplicateToken
KeSetIdealProcessorThread
KeRegisterBugCheckReasonCallback
ExInterlockedExtendZone
PoRegisterSystemState
NtWriteFile
towlower
ExAcquireFastMutexUnsafe
isdigit
IoConnectInterrupt
IoSetSystemPartition
RtlImageNtHeader
strrchr
LpcRequestPort
memcpy
memchr
ExAllocatePool
MmFreeContiguousMemorySpecifyCache
PsSetProcessPriorityByClass
DbgPrint
strspn
islower
FsRtlInitializeOplock
ExFreePoolWithTag
MmRemovePhysicalMemory
MmUnsecureVirtualMemory
InbvCheckDisplayOwnership
IoSetPartitionInformation
strcmp
wcstombs
MmGetPhysicalAddress
RtlDowncaseUnicodeString

Exports

Exports

VkNqwtOjqmjBxilojz
MavJmgbtqcHcmdhyeXetu

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999f41e086eca4ee9286a98a473467ed

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 14KB - Virtual size: 13KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 124B