76648b30b45be23572f6d7fcae3b839440f0eb3dcaff2580aefd99e63a0aceff

Sharing

Copy URL Twitter E-mail

General

Target

76648b30b45be23572f6d7fcae3b839440f0eb3dcaff2580aefd99e63a0aceff
Size

40KB
MD5

14c93a9baca01d961f32b6fe80ff8e90
SHA1

a68c1e809387bc7bad8dc9c172af4b504d5ba1be
SHA256

76648b30b45be23572f6d7fcae3b839440f0eb3dcaff2580aefd99e63a0aceff
SHA512

4fb159731ce394b4f5f07d83b087dcd3c57cb46276881b7e25d96e1264e5f5e4fe87334c72af5336871eed7a7381c4659a29540b72eb1d932a5f4af920f848d6
SSDEEP

768:rdQnP3SgPk3UALtKlz+u8v4LoHF8bUc/xG/qnjz4W3g639hChEZFMJzUK:uP3rPkEAtm+n40HF8Ac8BWQmvpFMJzUK

Score

N/A

Malware Config

Signatures

Files

76648b30b45be23572f6d7fcae3b839440f0eb3dcaff2580aefd99e63a0aceff
.exe windows x86

97a62d0f0616c2376f9071ff2cd0cb28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
ZwCreateKey
RtlInitUnicodeString
swprintf
wcsncpy
wcsrchr
ZwSetValueKey
IoRegisterDriverReinitialization
_snwprintf
wcschr
strncmp
ZwClose
ZwDeleteKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
KeQuerySystemTime
_wcsicmp
MmGetSystemRoutineAddress
_wcsnicmp
ObfDereferenceObject
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
KeDelayExecutionThread
_except_handler3
ObReferenceObjectByHandle
ExFreePool
ExAllocatePoolWithTag
RtlCompareUnicodeString
RtlCopyUnicodeString
IoDeviceObjectType
IofCompleteRequest
_stricmp
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
ZwSetInformationFile
ZwCreateFile
wcscpy
wcscat
strncpy
KeTickCount
KeQueryTimeIncrement
PsCreateSystemThread
_snprintf
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 70B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECODE
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGERES
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97a62d0f0616c2376f9071ff2cd0cb28

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 96B - Virtual size: 70B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 8B

PAGECODE Size: 32B - Virtual size: 8B

PAGERES Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 96B - Virtual size: 70B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 8B

PAGECODE
Size: 32B - Virtual size: 8B

PAGERES
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB