5a6f17ea71fe25c680530fa05bd32ea1c52a59075e8227062ad78201764a006f

General

Target

5a6f17ea71fe25c680530fa05bd32ea1c52a59075e8227062ad78201764a006f
Size

40KB
MD5

0cf1d41a670862850a3b03cc00432e55
SHA1

63723f71b300399079d372c829c93c68307ec42b
SHA256

5a6f17ea71fe25c680530fa05bd32ea1c52a59075e8227062ad78201764a006f
SHA512

b31284611a96f5a4059a0c4ce77384a06aef0a3c518cc7201c8ba74b23489a8d6a2d7e22dc0f0f28ca164fcbebfb0e04a9a4111cb86bfbae3c45368acb274bc9
SSDEEP

768:ki82abq5gfCyxVMzUFqP2I/aOGBqf0oLyKXyZVMlufHP0GE9F6w:kD2SqaNjMzuqPzs5oLyo+VXve9sw

Score

N/A

Malware Config

Signatures

Files

5a6f17ea71fe25c680530fa05bd32ea1c52a59075e8227062ad78201764a006f
.dll windows x86

d35bf09b3f0528a2fea3264b0143f0a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlUpcaseUnicodeString
IoBuildSynchronousFsdRequest
RtlCompareString
ExAllocatePool
RtlPrefixUnicodeString
RtlUpperString
IofCallDriver
KeClearEvent
RtlCreateHeap
MmMapLockedPages
VerSetConditionMask
RtlFreeHeap
PoUnregisterSystemState
RtlInitUnicodeString
KeSetEvent
RtlDestroyHeap
IoVerifyPartitionTable
KeInitializeEvent
RtlInitString
MmBuildMdlForNonPagedPool
PoRequestPowerIrp
RtlUnicodeToOemN
RtlUpcaseUnicodeToOemN
RtlAllocateHeap
KeWaitForSingleObject
IoSetPartitionInformationEx
PoCallDriver
FsRtlAllocateFileLock
memset

Exports

Exports

_OpenZipArchive@4
_ReadZipArchive@8

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d35bf09b3f0528a2fea3264b0143f0a5

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 271B

.data Size: - Virtual size: 4B

INIT Size: 1024B - Virtual size: 802B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 178B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 271B

.data
Size: - Virtual size: 4B

INIT
Size: 1024B - Virtual size: 802B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 178B