General

Malware Config

Signatures

Files

• 6f80ade78d11f66f1834161b464f3240ab8f23044e7c874ecbcbb1d9275f8861

  .dll windows x86

  7fc1a1e968101c0c34ec7e1d8d35918d

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntoskrnl.exe

  KeRemoveByKeyDeviceQueue

  ZwOpenSymbolicLinkObject

  KeWaitForSingleObject

  IofCallDriver

  RtlCharToInteger

  PsCreateSystemThread

  SeOpenObjectAuditAlarm

  IoUpdateShareAccess

  IoConnectInterrupt

  ZwSetVolumeInformationFile

  ZwOpenProcess

  IoAllocateWorkItem

  CcMdlReadComplete

  RtlFreeAnsiString

  PsImpersonateClient

  KeBugCheck

  KdDisableDebugger

  KeSetTimerEx

  ExAcquireFastMutexUnsafe

  ZwDeviceIoControlFile

  FsRtlNotifyInitializeSync

  SeQueryAuthenticationIdToken

  CcPurgeCacheSection

  RtlFindUnicodePrefix

  SeTokenIsAdmin

  SeReleaseSubjectContext

  ExRaiseAccessViolation

  IoCreateStreamFileObjectLite

  DbgBreakPoint

  FsRtlIsTotalDeviceFailure

  ExRegisterCallback

  RtlUpcaseUnicodeString

  MmMapLockedPages

  IoCheckShareAccess

  KeClearEvent

  RtlCopyString

  KeInitializeTimer

  IoIsOperationSynchronous

  ProbeForWrite

  RtlEqualUnicodeString

  RtlAddAccessAllowedAceEx

  RtlTimeToSecondsSince1970

  IoDeleteDevice

  IoWriteErrorLogEntry

  RtlCopyUnicodeString

  IoRegisterDeviceInterface

  CcMdlWriteComplete

  ZwCreateDirectoryObject

  KeQuerySystemTime

  CcFastCopyWrite

  RtlClearAllBits

  IoAllocateMdl

  KeDelayExecutionThread

  DbgPrompt

  IoAcquireVpbSpinLock

  ZwReadFile

  RtlCreateAcl

  RtlWriteRegistryValue

  KeSetBasePriorityThread

  ZwOpenSection

  ExAllocatePoolWithQuotaTag

  IoMakeAssociatedIrp

  CcCanIWrite

  IoGetDeviceProperty

  IoGetLowerDeviceObject

  KeInsertQueue

  CcPreparePinWrite

  IoReleaseVpbSpinLock

  IoBuildSynchronousFsdRequest

  ExSetTimerResolution

  MmProbeAndLockPages

  RtlFindLongestRunClear

  IoGetRelatedDeviceObject

  RtlUnicodeToOemN

  MmUnlockPages

  IoSetDeviceInterfaceState

  SeTokenIsRestricted

  CcGetFileObjectFromBcb

  VerSetConditionMask

  RtlTimeFieldsToTime

  MmBuildMdlForNonPagedPool

  PsChargeProcessPoolQuota

  ZwFreeVirtualMemory

  FsRtlCheckLockForWriteAccess

  ZwQueryVolumeInformationFile

  ZwNotifyChangeKey

  ExSetResourceOwnerPointer

  RtlCreateRegistryKey

  RtlDeleteElementGenericTable

  MmPageEntireDriver

  KeCancelTimer

  RtlClearBits

  FsRtlFreeFileLock

  ZwCreateKey

  IoReadPartitionTable

  RtlFillMemoryUlong

  KeQueryInterruptTime

  SeSinglePrivilegeCheck

  IoInitializeIrp

  KeSaveFloatingPointState

  RtlDeleteNoSplay

  RtlEqualString

  ObGetObjectSecurity

  KeUnstackDetachProcess

  RtlInitString

  MmFreeMappingAddress

  IoBuildPartialMdl

  RtlEnumerateGenericTable

  RtlValidSid

  KeQueryActiveProcessors

  SePrivilegeCheck

  KeInsertQueueDpc

  IoRegisterFileSystem

  IoSetPartitionInformation

  FsRtlIsFatDbcsLegal

  IoQueryFileInformation

  IoStartTimer

  IoAllocateErrorLogEntry

  ZwDeleteValueKey

  RtlLengthSecurityDescriptor

  RtlCompareString

  KeSynchronizeExecution

  FsRtlNotifyUninitializeSync

  SeLockSubjectContext

  ZwSetSecurityObject

  MmSizeOfMdl

  RtlFreeUnicodeString

  RtlSubAuthoritySid

  RtlCreateUnicodeString

  KeInitializeDpc

  KeReleaseMutex

  IoCheckQuotaBufferValidity

  IoSetTopLevelIrp

  IoSetThreadHardErrorMode

  ObMakeTemporaryObject

  ZwQuerySymbolicLinkObject

  ZwMapViewOfSection

  ExAllocatePoolWithTag

  ZwQueryKey

  RtlInitializeBitMap

  RtlCopyLuid

  IoInitializeTimer

  IoGetDeviceObjectPointer

  PsReturnPoolQuota

  SeFreePrivileges

  ProbeForRead

  SeUnlockSubjectContext

  ZwOpenKey

  RtlSetDaclSecurityDescriptor

  RtlCopySid

  RtlFindSetBits

  IoCreateDevice

  PoSetSystemState

  ExDeletePagedLookasideList

  RtlOemToUnicodeN

  CcUnpinRepinnedBcb

  CcPinRead

  PsGetCurrentProcess

  ZwQueryObject

  MmUnlockPagableImageSection

  RtlValidSecurityDescriptor

  MmUnmapLockedPages

  IoReleaseRemoveLockAndWaitEx

  IoReportResourceForDetection

  FsRtlFastCheckLockForRead

  IoGetTopLevelIrp

  KeLeaveCriticalRegion

  PsGetThreadProcessId

  ZwWriteFile

  MmAddVerifierThunks

  IoCreateFile

  IoStopTimer

  IoSetHardErrorOrVerifyDevice

  FsRtlAllocateFileLock

  KeRestoreFloatingPointState

  MmAllocateMappingAddress

  KeRemoveQueueDpc

  KeInitializeDeviceQueue

  KeBugCheckEx

  ExFreePool

  RtlCreateSecurityDescriptor

  MmSecureVirtualMemory

  PsGetCurrentProcessId

  IoWMIRegistrationControl

  CcMapData

  IoGetDeviceInterfaces

  RtlAppendStringToString

  IoAllocateAdapterChannel

  FsRtlIsDbcsInExpression

  IoDeleteSymbolicLink

  IoGetAttachedDeviceReference

  KeWaitForMultipleObjects

  RtlFindLeastSignificantBit

  ExRaiseStatus

  RtlSetAllBits

  KeReadStateTimer

  RtlUnicodeStringToOemString

  KeRemoveQueue

  KeResetEvent

  IoIsSystemThread

  MmForceSectionClosed

  KeRundownQueue

  KeDeregisterBugCheckCallback

  KeGetCurrentThread

  RtlMultiByteToUnicodeN

  CcUnpinData

  MmMapUserAddressesToPage

  IoWMIWriteEvent

  MmSetAddressRangeModified

  KeAttachProcess

  IoFreeMdl

  RtlVerifyVersionInfo

  WmiQueryTraceInformation

  RtlInt64ToUnicodeString

  RtlInitializeUnicodePrefix

  RtlGetCallersAddress

  RtlCheckRegistryKey

  RtlDelete

  IoGetDiskDeviceObject

  PsLookupThreadByThreadId

  CcUninitializeCacheMap

  MmCanFileBeTruncated

  MmFreePagesFromMdl

  RtlDowncaseUnicodeString

  ObfReferenceObject

  IoSetDeviceToVerify

  SeAssignSecurity

  PsGetProcessId

  IoWritePartitionTableEx

  IoFreeIrp

  RtlRemoveUnicodePrefix

  MmAllocatePagesForMdl

  IoCheckEaBufferValidity

  KeStackAttachProcess

  IoGetStackLimits

  IoCreateStreamFileObject

  ExLocalTimeToSystemTime

  IoFreeErrorLogEntry

  ExAllocatePool

  DbgBreakPointWithStatus

  IoFreeWorkItem

  IoGetCurrentProcess

  IoReportDetectedDevice

  CcRepinBcb

  IoReadPartitionTableEx

  CcRemapBcb

  IoSetShareAccess

  PoUnregisterSystemState

  ZwFsControlFile

  RtlFindLastBackwardRunClear

  RtlVolumeDeviceToDosName

  PsGetVersion

  KeSetEvent

  ZwOpenFile

  ObQueryNameString

  ExDeleteNPagedLookasideList

  ObCreateObject

  Exports

  Exports

  ?InstallSectionA@@YGPAFE<V

  ?CopyMonitorExW@@YGPAEPAI<V

  ?LoadListItemNew@@YGPAGEPAHE<V

  ?LoadMutexEx@@YGPAFDGPAGN<V

  ?AddScreenEx@@YGHPAM<V

  ?PutFilePath@@YGMMN<V

  Sections

  .text

  Size: 43KB - Virtual size: 42KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 868B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ