5f8c750febdae6f2769073206bda2ed9fd1d6e508502a536d92781f87c621388

General

Target

5f8c750febdae6f2769073206bda2ed9fd1d6e508502a536d92781f87c621388
Size

20KB
MD5

046b614fc33f0c8df70be3474eee5750
SHA1

7fc7bd5671a12add4df04e7b8cb98723488132ac
SHA256

5f8c750febdae6f2769073206bda2ed9fd1d6e508502a536d92781f87c621388
SHA512

492f09e1a24940593a1769eff564cc44fb06e307d76ac1e233e514f4c400a5d5567a06b66f2a1b56ae2992df94eaf792d8baf3d51288859d1f7617e96f4d6a13
SSDEEP

384:HaA3GLifWV0BASN3KO0lgx2gHB7U6K2Uk1cecUKx:L8ifvN3K5g3hIl7

Score

N/A

Malware Config

Signatures

Files

5f8c750febdae6f2769073206bda2ed9fd1d6e508502a536d92781f87c621388
.exe windows x86

e528d9e0d36b4dddcb739099bafc50bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryInformationProcess
KeInsertQueueDpc
ZwCreateFile
FsRtlInitializeMcb
RtlAppendUnicodeStringToString
ExFreePoolWithTag
RtlFindLongestRunClear
ZwDisplayString
RtlImageNtHeader
READ_REGISTER_BUFFER_ULONG
CcSetDirtyPinnedData
MmIsAddressValid
FsRtlIsNtstatusExpected
DbgPrint
FsRtlLookupLastLargeMcbEntry
IoCreateSymbolicLink
RtlInt64ToUnicodeString
PsRestoreImpersonation
NtDuplicateObject
KeStackAttachProcess
IoReportResourceForDetection
ExInitializeRundownProtection
ExAllocatePool
CcSetFileSizes
strchr
FsRtlNotifyFilterChangeDirectory
CcGetDirtyPages
KdDebuggerEnabled
strcmp
IoWritePartitionTableEx
RtlReserveChunk
NtAllocateUuids

Exports

Exports

WoyCnwaIhmpk
OgsweglTguefMoyqm
FyeilcVfiuevsZkidrv

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.INIT
Size: 1024B - Virtual size: 889B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e528d9e0d36b4dddcb739099bafc50bd

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 7KB - Virtual size: 7KB

.INIT Size: 1024B - Virtual size: 889B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 90B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 7KB - Virtual size: 7KB

.INIT
Size: 1024B - Virtual size: 889B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 90B