936cadc74be31f40bb8335c5ad0ff798ee3157ae56db8f8faab367c12ec02b7c

Sharing

Copy URL Twitter E-mail

General

Target

936cadc74be31f40bb8335c5ad0ff798ee3157ae56db8f8faab367c12ec02b7c
Size

46KB
MD5

52ad48bf29f8313c7df15296dfb68f7c
SHA1

a5c9231a7f820a86cb7cdbe780030de9cdf85e91
SHA256

936cadc74be31f40bb8335c5ad0ff798ee3157ae56db8f8faab367c12ec02b7c
SHA512

648b3bdb1ad7fd6a362e87ecaa1100bc71d7f775826b7940dad98c53b0a09f50abbff07e8044626465109103077e30d57f95f128cc16ff1767c6c0f0123c756b
SSDEEP

384:tKKBAfGZF1HXGBlFbdGJrMgd7T8hKJbUp2KJpSEMdQI8IPiYJq6zbvbTfb:tKWjZF1HudGqgN8WUsKlyQJq

Score

N/A

Malware Config

Signatures

Files

936cadc74be31f40bb8335c5ad0ff798ee3157ae56db8f8faab367c12ec02b7c
.exe windows x86

98bd0f8b9b2d6a7ce2f7026072566905

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoRequestPowerIrp
HalDispatchTable
WRITE_REGISTER_ULONG
InbvIsBootDriverInstalled
NtQueryInformationFile
wcscmp
KeSetEvent
RtlDeleteOwnersRanges
NtQueryInformationFile
KiIpiServiceRoutine
IoInitializeRemoveLockEx
RtlInvertRangeList
RtlSetSaclSecurityDescriptor
ZwQuerySection
NlsOemCodePage
RtlNextUnicodePrefix
RtlGetDefaultCodePage
IoSetShareAccess
RtlUshortByteSwap
SeSetSecurityDescriptorInfo
RtlInitializeGenericTable
RtlUpcaseUnicodeStringToCountedOemString
MmSetAddressRangeModified
FsRtlGetNextFileLock
FsRtlInitializeMcb
_snwprintf
RtlLargeIntegerShiftRight
IoCheckQuerySetFileInformation
RtlAddAce
vsprintf
KeProfileInterruptWithSource
DbgLoadImageSymbols
LsaCallAuthenticationPackage
KePulseEvent
ZwSetInformationThread
READ_REGISTER_UCHAR
MmMapLockedPages
FsRtlUninitializeOplock
ZwQuerySecurityObject
IoSetTopLevelIrp
LsaRegisterLogonProcess
IoCreateUnprotectedSymbolicLink
ZwSetInformationThread
ZwOpenThreadToken
IoGetStackLimits
RtlStringFromGUID
InbvSolidColorFill
MmSecureVirtualMemory
IoWMIWriteEvent
MmAdjustWorkingSetSize
FsRtlIsDbcsInExpression
IoAttachDeviceByPointer
KeFindConfigurationEntry
NtUnlockFile
LpcRequestWaitReplyPort
FsRtlIsNtstatusExpected
ZwQuerySecurityObject
IoFastQueryNetworkAttributes
LpcPortObjectType
FsRtlFastUnlockAllByKey
ZwDuplicateObject
KeI386GetLid
RtlFindClearBitsAndSet
MmSecureVirtualMemory
MmSystemRangeStart
CcGetFileObjectFromSectionPtrs
NlsLeadByteInfo
wcsncat
PsEstablishWin32Callouts
RtlQueryRegistryValues
RtlEnlargedIntegerMultiply
atoi
MmFreeContiguousMemorySpecifyCache
SeLockSubjectContext
RtlUnicodeToCustomCPN
KdDisableDebugger
KeSetKernelStackSwapEnable
ObOpenObjectByPointer
READ_REGISTER_BUFFER_USHORT
LsaCallAuthenticationPackage
SeImpersonateClientEx
FsRtlDoesNameContainWildCards
MmMapViewInSessionSpace
RtlMergeRangeLists
KeInitializeTimer
ZwFreeVirtualMemory
RtlLargeIntegerSubtract
KeInitializeSemaphore
KeI386AllocateGdtSelectors
ZwDuplicateToken
HalPrivateDispatchTable
DbgBreakPoint
MmPageEntireDriver
ObfReferenceObject
RtlAnsiCharToUnicodeChar
IoUnregisterShutdownNotification
ZwSetInformationFile
ZwQueryVolumeInformationFile
RtlUpcaseUnicodeToOemN
RtlInsertUnicodePrefix
ExInitializeResourceLite
ExGetExclusiveWaiterCount
SePublicDefaultDacl
KeStackAttachProcess
CcGetFlushedValidData
KiDeliverApc
KeRemoveEntryDeviceQueue
RtlUlongByteSwap
CcDeferWrite
RtlCreateHeap
ExInterlockedIncrementLong
IoCheckQuerySetVolumeInformation
KeLoaderBlock
IoGetDeviceObjectPointer
READ_REGISTER_USHORT
ObfDereferenceObject
NtDeviceIoControlFile
ZwSetInformationProcess
RtlUlonglongByteSwap
ZwDeleteFile
ZwOpenEvent
RtlUnicodeStringToOemSize
ExInitializeZone
ObGetObjectSecurity
KeReleaseMutex
LpcRequestPort
FsRtlLegalAnsiCharacterArray
RtlVolumeDeviceToDosName
FsRtlAreNamesEqual
RtlCharToInteger
CcGetFileObjectFromBcb
ExfInterlockedInsertTailList
RtlPrefixString
IoIsWdmVersionAvailable

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98bd0f8b9b2d6a7ce2f7026072566905

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 1024B

INIT Size: 128B - Virtual size: 128B

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 32B - Virtual size: 32B

.text
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 1024B

INIT
Size: 128B - Virtual size: 128B

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 32B - Virtual size: 32B