855f2627d3676165e98c5973b86ee5734f2c17676b5c9ac5b33c5137b73a1d1b

General

Target

855f2627d3676165e98c5973b86ee5734f2c17676b5c9ac5b33c5137b73a1d1b
Size

64KB
MD5

4ef965f16c5dc33b14415e3efad2a2d0
SHA1

1edddb0476518e19b036851b2a2279914c10f5ac
SHA256

855f2627d3676165e98c5973b86ee5734f2c17676b5c9ac5b33c5137b73a1d1b
SHA512

95de90c7d3300924c1535277de829ca795a35245ec5314b376366d659396d835622cfd653548dd26c41c5dec3d2c9fea43296761b87fca03a082bc4e242048a5
SSDEEP

1536:6/kxMEDkttDMsqzTE1BiztfBIdPycu2Rz3/:vGQCezwOxJIdPnpz

Score

N/A

Malware Config

Signatures

Files

855f2627d3676165e98c5973b86ee5734f2c17676b5c9ac5b33c5137b73a1d1b
.dll windows x86

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCheckQuotaBufferValidity
KeSetSystemAffinityThread
KeLeaveCriticalRegion
KeReadStateMutex
IoReleaseCancelSpinLock
IoFreeMdl
MmIsAddressValid
RtlDelete
CcSetDirtyPinnedData
KeEnterCriticalRegion
ZwWriteFile
ExDeleteNPagedLookasideList
ExSetResourceOwnerPointer
IoConnectInterrupt
ObReferenceObjectByHandle
IoReleaseRemoveLockAndWaitEx
RtlDeleteElementGenericTable
MmCanFileBeTruncated
IoWMIRegistrationControl
RtlCreateSecurityDescriptor
CcSetBcbOwnerPointer
CcPurgeCacheSection
KeInsertHeadQueue
SeQueryInformationToken
IoGetStackLimits
MmSecureVirtualMemory
RtlValidSid
ExRaiseDatatypeMisalignment
MmFreeContiguousMemory
IoFreeErrorLogEntry
RtlUnicodeToOemN
FsRtlCheckLockForReadAccess
IoAllocateWorkItem
MmUnsecureVirtualMemory
ZwOpenSymbolicLinkObject
KeRemoveDeviceQueue
KeSetTargetProcessorDpc
SeAccessCheck
FsRtlMdlWriteCompleteDev
RtlGetNextRange
ZwSetVolumeInformationFile
RtlVolumeDeviceToDosName
KeGetCurrentThread
MmAddVerifierThunks
KeTickCount
RtlFindClearRuns

Exports

Exports

?ValidateStringOriginal@@YGDKPAKPAM<V
?CrtProviderOriginal@@YGPAXKPAFGK<V
?IsNotMutantExW@@YGGN<V
?AddDataOld@@YGXD<V
?AddAppNameOriginal@@YGXPADIEJ<V
?DeleteFolderA@@YGJPANPAK<V

Sections

.text
Size: 31KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 60KB

.data Size: 16KB - Virtual size: 16KB

.text
Size: 31KB - Virtual size: 60KB

.data
Size: 16KB - Virtual size: 16KB