ab7270802c9e88d79a0c3e021ffa44473c8c79e67941f41b7fc00ce4bde106b4

General

Target

ab7270802c9e88d79a0c3e021ffa44473c8c79e67941f41b7fc00ce4bde106b4
Size

443KB
MD5

026198a33f29cd8ff4e9f4eb3f57278a
SHA1

d3ed7898e306e66a5d0385c1828027ba202edf54
SHA256

ab7270802c9e88d79a0c3e021ffa44473c8c79e67941f41b7fc00ce4bde106b4
SHA512

8cc056f4f400720ee15c46844a3dd067aa69d7840611bad6507d53b9d6efe99a2c5bd9d8ce3648d442b42a3b9fd5324084a39712a4fc32a3ab1c6000d1be62f1
SSDEEP

6144:e/ty+tUHIrMbA96Vid9szw77k6M8i1cES128JV3Lk1q13+pKSSFxi8d0Q7kTUxY2:ely+tUHkJs0MO128JtpuY9ccSI8tAZH

Score

N/A

Malware Config

Signatures

Files

ab7270802c9e88d79a0c3e021ffa44473c8c79e67941f41b7fc00ce4bde106b4
.exe windows x86

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isdigit
InbvCheckDisplayOwnership
wcstombs
PoRegisterSystemState
isupper
memcpy
islower
ZwDuplicateToken
IoSetSystemPartition
ExAcquireSharedStarveExclusive
KeSetIdealProcessorThread
MmGetPhysicalAddress
IoQueryFileDosDeviceName
RtlFindSetBitsAndClear
ExInterlockedExtendZone
NtWriteFile
KeRegisterBugCheckReasonCallback
ExFreePoolWithTag
memchr
towlower
MmRemovePhysicalMemory
_alldvrm
ExDeletePagedLookasideList
ExAcquireSharedWaitForExclusive
strcmp
LpcRequestPort
IoConnectInterrupt
RtlDowncaseUnicodeString
DbgPrint
strrchr
FsRtlIsNameInExpression
MmFreeContiguousMemorySpecifyCache
ZwInitiatePowerAction
ExAllocatePool
strspn
ZwQueryInformationProcess
isspace
RtlImageNtHeader
PsSetProcessPriorityByClass
MmUnsecureVirtualMemory
IoSetPartitionInformation
FsRtlInitializeOplock

Exports

Exports

TmNbpnm
WkpgodaBwuh
RjgdXljfWoxymb
DdYzechRkpbxCvmzio

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 14KB - Virtual size: 13KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 124B