adffff1addd398ed25a4783bad88c7ccc725853331a86f37a4ed0762dae355ea

Sharing

Copy URL

Twitter E-mail

General

Target

adffff1addd398ed25a4783bad88c7ccc725853331a86f37a4ed0762dae355ea
Size

56KB
MD5

9f9e2cdada9b6c226b262b56aecc6ac9
SHA1

87eaf560d567b0b0441e33a5e0ada677d1e5f913
SHA256

adffff1addd398ed25a4783bad88c7ccc725853331a86f37a4ed0762dae355ea
SHA512

4ada3ae30a4723669bf07696aa5c092a460a863c8cbb2a860e9a985c911d60b7f0376f22974ab4278f7d2aa6937f2ffcce18c25789aa3c1db581caf65381360b
SSDEEP

768:sRaxXVbdzETvGueZoJ5L7SgR2kouXmwCSn/iVHMBfvp2RbXTrbuAY/wTAyPgvaL2:2anUd3CSXmw//1Z2Rnryr/lyYvaL2

Score

N/A

Malware Config

Signatures

Files

adffff1addd398ed25a4783bad88c7ccc725853331a86f37a4ed0762dae355ea
.exe windows x86

5aa963edeebcd76a514932a963b2bdf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwClose
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ExAllocatePoolWithTag
_alldiv
ZwDeleteFile
swprintf
RtlRandom
memcpy
memset
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwDeviceIoControlFile
_stricmp
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
PsLookupProcessByProcessId
RtlEqualUnicodeString
ObfDereferenceObject
ZwTerminateProcess
ObOpenObjectByPointer
ZwCreateFile
KeSetTargetProcessorDpc
KeInitializeDpc
KeNumberProcessors
RtlImageNtHeader
KeUnstackDetachProcess
KeStackAttachProcess
ExAllocatePool
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
ProbeForRead
MmHighestUserAddress
ExGetPreviousMode
MmGetSystemRoutineAddress
PsTerminateSystemThread
KeWaitForSingleObject
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeSetEvent
ObfReferenceObject
IoGetLowerDeviceObject
KeSetTimer
KeInitializeTimer
KeTickCount
KeBugCheckEx
RtlUnwind
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInsertQueueDpc
ExFreePoolWithTag

hal

KfAcquireSpinLock
KeStallExecutionProcessor
KfReleaseSpinLock

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5aa963edeebcd76a514932a963b2bdf5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 852B

.data Size: 512B - Virtual size: 376B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 740B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 852B

.data
Size: 512B - Virtual size: 376B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 740B