cb2e51040c915f6d35fc3cc5c3475bdb0546a36a0b146a7aa33e7dfafcdc5e0d

Sharing

Copy URL Twitter E-mail

General

Target

cb2e51040c915f6d35fc3cc5c3475bdb0546a36a0b146a7aa33e7dfafcdc5e0d
Size

22KB
MD5

31480db989b542891bc51bf576be1940
SHA1

581bc535bd3a3f6b8881c3532cde495aa7dacb67
SHA256

cb2e51040c915f6d35fc3cc5c3475bdb0546a36a0b146a7aa33e7dfafcdc5e0d
SHA512

f3f51473bb7d4a4addcdd213b53cac9fc142bb67b4eef4d6f01256ff2a681be9e8b1351799aff096fdd274039660d3903a02b2162304b524f273f6530a11d5a5
SSDEEP

384:g+j7uS7uS7uS7uS7uS7uS7uCZJmIEJJ6FG7vJ7QvdZkg29+YbS0X3QHy:g+j7l7l7l7l7l7l7FZJSJJ6FG7BGkg2h

Score

N/A

Malware Config

Signatures

Files

cb2e51040c915f6d35fc3cc5c3475bdb0546a36a0b146a7aa33e7dfafcdc5e0d
.exe windows x86

e7e83a78dcd3f82b1837619bedf3fa08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ProbeForWrite
ProbeForRead
ZwQueryInformationProcess
ZwPulseEvent
_except_handler3
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
IofCompleteRequest
ObReferenceObjectByHandle
RtlFreeUnicodeString
IoCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoFileObjectType
strncmp
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateDevice
IoFreeIrp
IoCreateSymbolicLink

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.codet
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code1
Size: 544B - Virtual size: 529B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code2
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sosata2
Size: 32B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sosata1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ESTisb
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 932B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7e83a78dcd3f82b1837619bedf3fa08

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.codet Size: 3KB - Virtual size: 3KB

.code1 Size: 544B - Virtual size: 529B

.code2 Size: 512B - Virtual size: 504B

.rdata Size: 864B - Virtual size: 844B

.data Size: 640B - Virtual size: 636B

sosata2 Size: 32B - Virtual size: 28B

sosata1 Size: 4KB - Virtual size: 4KB

.ESTisb Size: 2KB - Virtual size: 2KB

INIT Size: 960B - Virtual size: 932B

.reloc Size: 928B - Virtual size: 908B

.text
Size: 6KB - Virtual size: 6KB

.codet
Size: 3KB - Virtual size: 3KB

.code1
Size: 544B - Virtual size: 529B

.code2
Size: 512B - Virtual size: 504B

.rdata
Size: 864B - Virtual size: 844B

.data
Size: 640B - Virtual size: 636B

sosata2
Size: 32B - Virtual size: 28B

sosata1
Size: 4KB - Virtual size: 4KB

.ESTisb
Size: 2KB - Virtual size: 2KB

INIT
Size: 960B - Virtual size: 932B

.reloc
Size: 928B - Virtual size: 908B