bf0746b162346b970ca61f9099fdb635a7b293ad6664aa8003c24afccfa640f4

General

Target

bf0746b162346b970ca61f9099fdb635a7b293ad6664aa8003c24afccfa640f4
Size

54KB
MD5

07a4ba4f7b4aaf071c2a5545ab798af0
SHA1

dd7032ef98d57ff613903ac54078e0804a5abfc6
SHA256

bf0746b162346b970ca61f9099fdb635a7b293ad6664aa8003c24afccfa640f4
SHA512

c95e28f9f0876f426ebcbb5dcb0ab3f10978b6a9ce128c8b2d25da96fd7e88800a7155ed03f50ce70bad3158fd9ad3a8732b077d80022d968e16d42329ed622d
SSDEEP

384:nCV+erU9F9/Eyo98/ZldJWhpQhDCEcGJN4gNjCDIZQhD/PJR5uxylHqs91vZI:C/rC2D8/NJ/F8gNeDAQDJRF1vZI

Score

N/A

Malware Config

Signatures

Files

bf0746b162346b970ca61f9099fdb635a7b293ad6664aa8003c24afccfa640f4
.exe windows x86

67fdf4bd7b0acb453f33eccd2fc4347e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcscpy
ExAllocatePoolWithTag
wcsstr
ExFreePoolWithTag
_strupr
strstr
PsLookupProcessByProcessId
strncmp
ObfDereferenceObject
PsGetVersion
PsGetCurrentProcessId
ZwClose
ZwDeleteValueKey
ZwOpenKey
RtlInitUnicodeString
IoFreeMdl
ZwOpenFile
MmMapLockedPages
_wcsupr
IoAllocateMdl
KeServiceDescriptorTable
ZwQuerySystemInformation
_except_handler3
PsTerminateSystemThread
KeWaitForSingleObject
KeInitializeEvent
IoDeleteDevice
IoDeleteSymbolicLink
KeSetEvent
IofCompleteRequest
ObReferenceObjectByHandle
DbgPrint
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
ExfInterlockedInsertHeadList
MmBuildMdlForNonPagedPool
KeInitializeSpinLock

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67fdf4bd7b0acb453f33eccd2fc4347e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 388B

.data Size: 512B - Virtual size: 128B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 510B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 388B

.data
Size: 512B - Virtual size: 128B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 510B