c87e03f2b54705e1f45dbdcec738ded3f9b7d293458a5df353b2d857beb0e8be

General

Target

c87e03f2b54705e1f45dbdcec738ded3f9b7d293458a5df353b2d857beb0e8be
Size

17KB
MD5

536713e3e68f46fcf4874c65d7af06f3
SHA1

73c9782b60df371e867be469edce388b237ffa02
SHA256

c87e03f2b54705e1f45dbdcec738ded3f9b7d293458a5df353b2d857beb0e8be
SHA512

4ba59fd417fcd477454553315e17bcee621468d4e2371c352c63405900005a66001f46dcd91aec2a015abe685113881c7205f39cb4ec7f446cced83494c07d2a
SSDEEP

192:WetH82FVBpjtZzoXmPrGidZG0+vvO2I60QkdO8P4qA/d8nvy8qiTGFUHLcjl1pSF:ntH8+ZzoarG3v9mfS4fLTs1lHS/d

Score

N/A

Malware Config

Signatures

Files

c87e03f2b54705e1f45dbdcec738ded3f9b7d293458a5df353b2d857beb0e8be
.exe windows x86

4d2510fd638171b8843655e36a0f3979

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareString
RtlInitString
RtlInitUnicodeString
KeServiceDescriptorTable
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
MmIsAddressValid
ZwQueryDirectoryFile
ZwCreateFile
ZwSetInformationFile
ZwTerminateProcess
ZwSetSecurityObject
ZwEnumerateValueKey
ZwQueryValueKey
ZwSetValueKey
ZwReplaceKey
ZwRestoreKey
ZwCreateKey
ZwEnumerateKey
ZwOpenKey
ZwOpenFile
ZwDeleteValueKey
IofCompleteRequest
InterlockedIncrement
InterlockedDecrement
IoDeleteDevice
IoUnregisterShutdownNotification
IoDeleteSymbolicLink
wcsrchr
wcslen
wcsstr
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
RtlCopyUnicodeString
ZwCreateSection
ZwMapViewOfSection
ZwDeleteKey
ZwClose
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d2510fd638171b8843655e36a0f3979

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 328B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 328B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB