ead91a10da79d78657fdaf1bba1a2df1e998d013b994fde00f41201282dd325d

Sharing

Copy URL Twitter E-mail

General

Target

ead91a10da79d78657fdaf1bba1a2df1e998d013b994fde00f41201282dd325d
Size

88KB
MD5

06bfd462e7b175a67a566dea71bd8cc0
SHA1

766efe1d6cf25f00b25f88ca21a956d101207c94
SHA256

ead91a10da79d78657fdaf1bba1a2df1e998d013b994fde00f41201282dd325d
SHA512

be1ded410d85eb1e78efc57a6d0fca284fba3f4194f6fe1c5886cb87aaab8a9658bcefd26db980e1d43bafeaa7ced19d6258b5bae2edca254cc6b27ba2ede693
SSDEEP

768:Tk0LvCuCzRiWWgB9lj2PkM23XlOEjVLMzPln/V8m6/KtZCgvNO4zTGgiii:Tk0yiWrYPkv3XoEOzt/n6fwzti

Score

N/A

Malware Config

Signatures

Files

ead91a10da79d78657fdaf1bba1a2df1e998d013b994fde00f41201282dd325d
.exe windows x86

5f0ed94a12a541ad688709da11f63e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
ZwDeleteValueKey
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlRandomEx
rand
srand
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlLargeIntegerDivide
_allrem
RtlGetVersion
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAllocatePool
ExFreePoolWithTag
IoDetachDevice
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
memmove
MmGetSystemRoutineAddress
_snprintf
strrchr
strncpy
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
RtlFreeUnicodeString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwDeleteFile
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
IoAttachDeviceToDeviceStack
KeSetEvent
RtlAnsiCharToUnicodeChar
RtlUnwind

hal

KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f0ed94a12a541ad688709da11f63e91

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 18KB - Virtual size: 18KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 18KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 3KB - Virtual size: 3KB