a8444b8fa25a20c7e7050860f7f3a25273fc6751990d7ad1ba3e5634c6872588

General

Target

a8444b8fa25a20c7e7050860f7f3a25273fc6751990d7ad1ba3e5634c6872588
Size

183KB
MD5

08b5327247eb2e55a0b1f07c0ebe9e3e
SHA1

4be31285c8320c0059da95f303c40336ea0d835e
SHA256

a8444b8fa25a20c7e7050860f7f3a25273fc6751990d7ad1ba3e5634c6872588
SHA512

ceb2a84faf4e1e494be17fb8208ca7359de2781c36811cd8ac7c67c0169f4919d6a92de7c7ba03710bd6de70bc7e6cfab87d89a278bf77936d95923a2f61e0df
SSDEEP

3072:6KUaGexjQeCRkF/woNEQuVW0egfexWlyK4yOTFO+HLJJedbVTQiJTfZl:Ncexc8YoNEd4gACyZTFOELDqTJr

Score

N/A

Malware Config

Signatures

Files

a8444b8fa25a20c7e7050860f7f3a25273fc6751990d7ad1ba3e5634c6872588
.dll windows x86

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

SeCaptureSubjectContext
SeDeleteObjectAuditAlarm
CcDeferWrite
IoBuildPartialMdl
IoFreeIrp
SeTokenIsRestricted
IoCheckShareAccess
IoGetLowerDeviceObject
ZwCreateSection
ZwQuerySymbolicLinkObject
KeEnterCriticalRegion
FsRtlNotifyInitializeSync
IoGetInitialStack
IoWMIRegistrationControl
ZwOpenSymbolicLinkObject
KeReadStateTimer
IoDeviceObjectType
KeGetCurrentThread
RtlGetVersion
MmUnlockPages
IoGetDmaAdapter
RtlUnicodeStringToInteger
SeSetSecurityDescriptorInfo
RtlUpcaseUnicodeString
ExIsProcessorFeaturePresent
RtlIsNameLegalDOS8Dot3
CcGetFileObjectFromBcb
KeInitializeDeviceQueue
ObfReferenceObject
KeDetachProcess
MmCanFileBeTruncated
ObReferenceObjectByPointer
IoThreadToProcess
KeTickCount
IoGetAttachedDevice
IofCallDriver
IoGetDeviceInterfaceAlias
FsRtlDeregisterUncProvider
IoInitializeIrp
DbgBreakPoint
KeLeaveCriticalRegion
RtlCreateSecurityDescriptor
ZwOpenFile
KeInsertByKeyDeviceQueue
IoVerifyVolume
IoDeleteController
CcMdlRead

Exports

Exports

?IsNotPenEx@@YGPAFIGPAJG<V
?DeleteDirectory@@YGXEPAGME<V
?IsNotCommandLineW@@YGPAIGMPAF<V
?PutMessageEx@@YGMPA_N<V
?PutObject@@YGPADFPAMPAJPA_N<V
?EnumConfigExW@

Sections

.text
Size: 65KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 89KB

.text
Size: 65KB - Virtual size: 89KB