419b6d9f9f694fcf12b1b175e60ebd35fb850f943f4530b621df8fddf992413f

General

Target

419b6d9f9f694fcf12b1b175e60ebd35fb850f943f4530b621df8fddf992413f
Size

14KB
MD5

82a7db6271eae1570ee3a121a147eab6
SHA1

29c6535d9adb87acef619e19225cc07d80d1e641
SHA256

419b6d9f9f694fcf12b1b175e60ebd35fb850f943f4530b621df8fddf992413f
SHA512

96843674882958535ce7543a1f88cadf8265be2650ea76504e2305089885206f81ff07a963b0b2901538c1028b6c528957cabe73e6848df6aa3ebe4b571ba6db
SSDEEP

192:RLuITeZdniNYEaJgDHPI91NQ7DBOf8ect+rKHynx/dQQdL9:tuI6kBaJgDvIj+Da8meG8Qt

Score

N/A

Malware Config

Signatures

Files

419b6d9f9f694fcf12b1b175e60ebd35fb850f943f4530b621df8fddf992413f
.exe windows x86

5db4825457f145e6e07660933141f215

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
strchr
wcslen
wcscat
swprintf
wcscpy
wcsncmp
ZwEnumerateKey
sprintf
_strupr
wcscmp
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5db4825457f145e6e07660933141f215

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 952B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 640B - Virtual size: 588B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 952B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 640B - Virtual size: 588B