0efcbc39446ff1e43894dc03395bf693ae049f846d8ca361e7d5173452ba3504

General

Target

0efcbc39446ff1e43894dc03395bf693ae049f846d8ca361e7d5173452ba3504
Size

40KB
MD5

2af6f8e54a7ffa846c7f91c0726c4b52
SHA1

453a53a8ae535ea9f582730e5399adec6a004745
SHA256

0efcbc39446ff1e43894dc03395bf693ae049f846d8ca361e7d5173452ba3504
SHA512

fd1c3a2e49cd1748428d58b08fb4631029ffda654f48ab3185d4eadda26b2a173d292bcccce096778ea08cf1225374f13ab71f2304746c3208256736157a6bdf
SSDEEP

768:vwrOAZzQ541xgWezbGUXwOGa16WQv7qMJ53s9ztwxwY9uswvSFQ77vW387T8dHWR:vwyAZzQ541mW0Gf/GQv73JqBtw+CyrfF

Score

N/A

Malware Config

Signatures

Files

0efcbc39446ff1e43894dc03395bf693ae049f846d8ca361e7d5173452ba3504
.exe windows x86

3fac13a1357893c268dd63a60602714e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetValueKey
swprintf
wcslen
ZwCreateKey
RtlInitUnicodeString
wcsncpy
wcsrchr
MmIsAddressValid
ZwClose
ZwOpenKey
IoDeviceObjectType
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
ZwQueryValueKey
_except_handler3
_wcsnicmp
ObfDereferenceObject
strncpy
PsLookupProcessByProcessId
_stricmp
wcsstr
_wcslwr
ObReferenceObjectByHandle
PsSetCreateProcessNotifyRoutine
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
ZwCreateFile
IofCompleteRequest
wcscat
wcscpy
_wcsicmp
PsGetVersion
ExFreePool
_snprintf
ExAllocatePoolWithTag
strncmp
RtlCompareUnicodeString
PsCreateSystemThread
KeDelayExecutionThread
KeQuerySystemTime
KeTickCount
KeQueryTimeIncrement
_snwprintf
IoRegisterDriverReinitialization
wcschr
RtlCopyUnicodeString
MmGetSystemRoutineAddress
ZwSetInformationFile

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 55B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fac13a1357893c268dd63a60602714e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 5B

PAGE Size: 64B - Virtual size: 55B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 5B

PAGE
Size: 64B - Virtual size: 55B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB