0eb17e3b8a7b7e7b5194fc578ed065f87b40bc80f42594329bfd0a3804663aff

General

Target

0eb17e3b8a7b7e7b5194fc578ed065f87b40bc80f42594329bfd0a3804663aff
Size

35KB
MD5

07a0b5cf160287f0154d9f86db32eab7
SHA1

40a2d6491c2aea479bbbd48af85de6f510d74bc2
SHA256

0eb17e3b8a7b7e7b5194fc578ed065f87b40bc80f42594329bfd0a3804663aff
SHA512

028cdcf7a77a1fe029fd1406b0c730266936f23f8d9441fffa21440808b136e771ca15f4522430807c206062ced62e8a4f19682801c14ac9c1fd7738cdfe6e47
SSDEEP

768:51FyTvovWw6E/Ipo7xhbpKcayyFqMy5sHD8k8yGHTWXDRYl8GkJQ:5Ovg/aKhH+bVGHaXDR8S

Score

N/A

Malware Config

Signatures

Files

0eb17e3b8a7b7e7b5194fc578ed065f87b40bc80f42594329bfd0a3804663aff
.exe windows x86

999f41e086eca4ee9286a98a473467ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwInitiatePowerAction
ExDeletePagedLookasideList
ZwQueryInformationProcess
_alldvrm
ExAcquireResourceExclusiveLite
FsRtlIsNameInExpression
isspace
isupper
RtlFindSetBitsAndClear
IoQueryFileDosDeviceName
ZwDuplicateToken
KeSetIdealProcessorThread
KeRegisterBugCheckReasonCallback
ExInterlockedExtendZone
PoRegisterSystemState
NtWriteFile
towlower
ExAcquireFastMutexUnsafe
isdigit
IoConnectInterrupt
IoSetSystemPartition
RtlImageNtHeader
strrchr
LpcRequestPort
memcpy
memchr
ExAllocatePool
MmFreeContiguousMemorySpecifyCache
PsSetProcessPriorityByClass
DbgPrint
strspn
islower
FsRtlInitializeOplock
ExFreePoolWithTag
MmRemovePhysicalMemory
MmUnsecureVirtualMemory
InbvCheckDisplayOwnership
IoSetPartitionInformation
strcmp
wcstombs
MmGetPhysicalAddress
RtlDowncaseUnicodeString

Exports

Exports

VkNqwtOjqmjBxilojz
MavJmgbtqcHcmdhyeXetu

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999f41e086eca4ee9286a98a473467ed

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 12KB - Virtual size: 12KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 124B