0d1fa71d43b5bf0232afa9de51081cb7846b3688cfc7e7d2f384da959114ac0e

Sharing

Copy URL Twitter E-mail

General

Target

0d1fa71d43b5bf0232afa9de51081cb7846b3688cfc7e7d2f384da959114ac0e
Size

135KB
MD5

81bcc2f7871e437327baa9180e4ad956
SHA1

34957faef3863ef768fcab0edb3d1896a4410b7e
SHA256

0d1fa71d43b5bf0232afa9de51081cb7846b3688cfc7e7d2f384da959114ac0e
SHA512

9948991c1181dd0942e5e25f1479e6d485479a78877a1f9ddb8fb3ac7d918b023db035a13f7dd91cb5c0f6c993fbe3959e708907bea3f9604d4f12351192fb8a
SSDEEP

3072:Ej6TAHBZ863SzTWLdcWU7ZEAi0Gv7YHZE76VuLFUSfSEp:Ej6fzS5cWU7Zpi5YHaVLa7

Score

N/A

Malware Config

Signatures

Files

0d1fa71d43b5bf0232afa9de51081cb7846b3688cfc7e7d2f384da959114ac0e
.dll windows x86

62258214c05ac8f21a3b5c578655160d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCheckQuotaBufferValidity
ZwCreateKey
DbgBreakPoint
IoAllocateIrp
IoCreateStreamFileObjectLite
KeSynchronizeExecution
IoReadPartitionTableEx
KeInitializeQueue
IoInvalidateDeviceState
MmAllocateMappingAddress
ExSystemTimeToLocalTime
RtlTimeToSecondsSince1970
IoGetTopLevelIrp
RtlNumberOfClearBits
KeQueryInterruptTime
KeGetCurrentThread
IoGetRelatedDeviceObject
IoFreeIrp
IoUnregisterFileSystem
RtlCopyUnicodeString
IoConnectInterrupt
KeTickCount
IoSetPartitionInformation
CcFastCopyWrite
IoInvalidateDeviceRelations
CcUninitializeCacheMap
ObReleaseObjectSecurity
RtlFindClearBitsAndSet
KeReadStateMutex
MmForceSectionClosed
MmFreePagesFromMdl
RtlCharToInteger
IoSetThreadHardErrorMode
CcMdlRead
RtlTimeFieldsToTime
IoIsWdmVersionAvailable
KeInsertByKeyDeviceQueue
PsReferencePrimaryToken
IoReadDiskSignature
RtlVerifyVersionInfo
ZwSetSecurityObject
IoGetBootDiskInformation
RtlFreeOemString
MmUnsecureVirtualMemory
SeAccessCheck
ZwQueryObject
PsChargeProcessPoolQuota
DbgBreakPointWithStatus
KeEnterCriticalRegion
ExDeletePagedLookasideList
CcGetFileObjectFromBcb
ObfReferenceObject
MmFreeMappingAddress
IoGetDeviceProperty
CcRepinBcb
KeClearEvent
ZwEnumerateKey
ZwCreateSection
RtlEqualUnicodeString
IoThreadToProcess
ExCreateCallback
CcPreparePinWrite
SeDeassignSecurity
IoGetInitialStack
CcSetReadAheadGranularity
ZwWriteFile
RtlCreateSecurityDescriptor
RtlEqualString
RtlDeleteNoSplay
KeWaitForSingleObject
RtlCreateAcl
CcUnpinData
KeLeaveCriticalRegion
KeSetTimerEx
IoCancelIrp
IoSetHardErrorOrVerifyDevice
KeInitializeTimer
RtlCheckRegistryKey

Exports

Exports

?LoadFilePathExA@@YGHK<V
?ModifyWindowInfoA@@YGFPAN<V
?RtlMonitorOld@@YGXK_NK<V
?KillKeyNameW@@YGMJE<V
?GetFile@@YGXPADHPAJPA_N<V
?InvalidateFileExA@@YGIPAKK<V

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdat
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62258214c05ac8f21a3b5c578655160d

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 4KB

.vdat Size: - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 4KB

.vdat
Size: - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 924B