29592a2a353d21d027c8bfe691d31ef4936f805feb3480e8a5c6a71b1e5dca52

Sharing

Copy URL Twitter E-mail

General

Target

29592a2a353d21d027c8bfe691d31ef4936f805feb3480e8a5c6a71b1e5dca52
Size

37KB
MD5

d3055141e4d4de89a6eabb51d35e17cc
SHA1

bee8225c48b07f35774cb80e6ce2cdfa4cf7e5fb
SHA256

29592a2a353d21d027c8bfe691d31ef4936f805feb3480e8a5c6a71b1e5dca52
SHA512

45037006d49531bfd601befa1d6b04b959f2484b1191fe3e0b80b00996e00da940929ee9addb175f89aa59d1a6579d24d9e2e3207f05bdd05da8d2d23d476e9c
SSDEEP

768:G2is8X5U+FAkmbZ5dqpOHcHN/ZqUGuVujKOZ5IRKhANen:Pi1XWxko5sOHINO1NZSRKhf

Score

N/A

Malware Config

Signatures

Files

29592a2a353d21d027c8bfe691d31ef4936f805feb3480e8a5c6a71b1e5dca52
.exe windows x64

e1274ef9430f7cb735a05ee61d5b0e47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
strncmp
strlen
MmMapLockedPagesSpecifyCache
IofCompleteRequest
PsGetCurrentProcessId
PsCreateSystemThread
KeSetEvent
KeDelayExecutionThread
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
ExAllocatePool
ZwClose
ObfDereferenceObject
wcscmp
IoGetLowerDeviceObject
ObReferenceObjectByHandle
IoCreateFile
RtlInitUnicodeString
ExInitializeResourceLite
PsGetVersion
_stricmp
RtlCompareMemory
RtlImageNtHeader
ZwCreateFile
wcslen
RtlImageDirectoryEntryToData
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
ZwQueryInformationProcess
RtlEqualUnicodeString
strcmp
IoGetCurrentProcess
IoFreeIrp
IoAllocateIrp
IoGetRelatedDeviceObject
KeInsertQueueApc
KeInitializeApc
ZwAllocateVirtualMemory
PsGetProcessImageFileName
wcscat
_wcsupr
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
strcat
IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
strncpy
strstr
IoFileObjectType
strchr
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmIsAddressValid
FsRtlIsNameInExpression

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1274ef9430f7cb735a05ee61d5b0e47

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 1024B - Virtual size: 732B

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 512B - Virtual size: 24B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 1024B - Virtual size: 732B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 512B - Virtual size: 24B