83796a037f393658fc87fa6bdd7377a4530bf76d6c3ff95fa89fa9464643390b

Sharing

Copy URL

Twitter E-mail

General

Target

83796a037f393658fc87fa6bdd7377a4530bf76d6c3ff95fa89fa9464643390b
Size

84KB
MD5

0d8f451f6875099070535b6a7b6e5ef0
SHA1

1b2167fe1561e6d35c08f8973eb0c589c3bd4711
SHA256

83796a037f393658fc87fa6bdd7377a4530bf76d6c3ff95fa89fa9464643390b
SHA512

c9c455da1a002ed72510149e2ff40e0a801327bd0c28e8cc477d643d2a55ebfbb4ad57a6adbfab64cf32bc22d48d6150a010692265d720113ad00dd002ce10ae
SSDEEP

768:Gk0bvCuCzRfWWgByljgPkm23XcOEVV0MzPln5V8m6BKPZCcvAL4zTGgTM:Gk0CfWrLPk53XlEbzt5n6rWzo

Score

N/A

Malware Config

Signatures

Files

83796a037f393658fc87fa6bdd7377a4530bf76d6c3ff95fa89fa9464643390b
.exe windows x86

abb6e3ca24316c92c0904f29a321ceb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
ZwDeleteValueKey
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlRandomEx
rand
srand
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlLargeIntegerDivide
_allrem
RtlGetVersion
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAllocatePool
ExFreePoolWithTag
IoDetachDevice
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
memmove
MmGetSystemRoutineAddress
_snprintf
strrchr
strncpy
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
RtlFreeUnicodeString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwDeleteFile
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTi�HTSK
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
IoAttachDeviceToDeviceStack
KeSetEvent

N

a

r
g

:

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abb6e3ca24316c92c0904f29a321ceb1

Headers

File Characteristics

Imports

a

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 18KB - Virtual size: 18KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 18KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 3KB - Virtual size: 3KB