60017fce8d706e13bb73ec220eebafe19d7c4abb8de88ef4e5607e155fb36dc5

General

Target

60017fce8d706e13bb73ec220eebafe19d7c4abb8de88ef4e5607e155fb36dc5
Size

27KB
MD5

36401a1ae0c2fd6384788c4c99a03fe3
SHA1

b9111dd2f51d4bbd6edb794e66ae2e1f7bb7ff8e
SHA256

60017fce8d706e13bb73ec220eebafe19d7c4abb8de88ef4e5607e155fb36dc5
SHA512

149484e742c426df60ccca508acbb3381b20c8074333ea1dd7b26833c54319083e8bfda72a4fa478089be164257edbea39afd56bfea4883bfa946e067657be83
SSDEEP

768:Kjp+740940940940940940940ZPUGIHbGCKJv6ur1:KNFJGCKp68

Score

N/A

Malware Config

Signatures

Files

60017fce8d706e13bb73ec220eebafe19d7c4abb8de88ef4e5607e155fb36dc5
.exe windows x86

84d6c0b158a22e5cc6a3a322e55d236d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoCreateSymbolicLink
IoCreateDevice
MmUserProbeAddress
ZwReadFile
ZwCreateFile
ZwClose
ZwQueryInformationProcess
ZwPulseEvent
RtlFreeUnicodeString
IoCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IofCompleteRequest
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink
_stricmp
_except_handler3
IoFreeIrp
DbgPrint

hal

KfLowerIrql
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel

Sections

sHuUtf8
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t3ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t2ata
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t1ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 980B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84d6c0b158a22e5cc6a3a322e55d236d

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

sHuUtf8 Size: 21KB - Virtual size: 21KB

.t3ata Size: 256B - Virtual size: 256B

.t2ata Size: 256B - Virtual size: 256B

.t1ata Size: 512B - Virtual size: 512B

.rata Size: 2KB - Virtual size: 2KB

INIT Size: 992B - Virtual size: 980B

.reloc Size: 1KB - Virtual size: 1KB

sHuUtf8
Size: 21KB - Virtual size: 21KB

.t3ata
Size: 256B - Virtual size: 256B

.t2ata
Size: 256B - Virtual size: 256B

.t1ata
Size: 512B - Virtual size: 512B

.rata
Size: 2KB - Virtual size: 2KB

INIT
Size: 992B - Virtual size: 980B

.reloc
Size: 1KB - Virtual size: 1KB