6c140e4ebb125e907ccd909fd1ea445b17c220dd3e62a3cc7a893265621b3317

General

Target

6c140e4ebb125e907ccd909fd1ea445b17c220dd3e62a3cc7a893265621b3317
Size

135KB
MD5

6a356695ecb504e06bb44ae6141869c9
SHA1

66d7084338bf53b83cfe4269842d50830d67e2f7
SHA256

6c140e4ebb125e907ccd909fd1ea445b17c220dd3e62a3cc7a893265621b3317
SHA512

d6cd0770f451766e9eba2e7c568e893f8a68a31f2aa35cc0b8c6974f047920956ee7cd26ed3fb772048dc2fbb34e67cff4f8b3fcce8c5a44b172fb4da31185b7
SSDEEP

3072:DjPlz+snHLPm2ze5FFJxlGYd0ct0j24z3pGNBFKXU3Wao:nZnrOryY+ch4z3wFKX

Score

N/A

Malware Config

Signatures

Files

6c140e4ebb125e907ccd909fd1ea445b17c220dd3e62a3cc7a893265621b3317
.dll windows x86

fe595c91b80919c6855e5824de8995d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateStreamFileObjectLite
RtlSecondsSince1980ToTime
RtlValidSecurityDescriptor
CcMdlReadComplete
IoSetTopLevelIrp
MmAllocateMappingAddress
KeSetEvent
IoRemoveShareAccess
ZwQueryKey
RtlStringFromGUID
ZwOpenProcess
IofCompleteRequest
KeSetKernelStackSwapEnable
ZwEnumerateKey
KeInsertDeviceQueue
KeInitializeApc
ExSetResourceOwnerPointer
RtlUnicodeToOemN
MmAllocateContiguousMemory
RtlInitAnsiString
ExReleaseFastMutexUnsafe
CcFlushCache
ExInitializeResourceLite
IoSetPartitionInformationEx
RtlAreBitsSet
IoGetRelatedDeviceObject
IoGetDeviceProperty
FsRtlMdlWriteCompleteDev
KeBugCheckEx
WmiQueryTraceInformation
RtlAppendStringToString
RtlNumberOfClearBits
KeSetSystemAffinityThread
ExQueueWorkItem
ExAllocatePoolWithQuotaTag
ZwQueryObject
KeQuerySystemTime
MmBuildMdlForNonPagedPool
RtlAnsiCharToUnicodeChar
IoInitializeRemoveLockEx
KeRemoveQueueDpc
KeReleaseSemaphore
IoSetShareAccess
CcSetBcbOwnerPointer
FsRtlNotifyInitializeSync
IoCreateDisk
IoReadDiskSignature
MmUnmapIoSpace

Exports

Exports

?PutMutantExA@@ADGHPAFM<V
?SetTimerOriginal@@ADHNDHPAK<V
?ShowListNew@@ADHPAJ<V
?IncrementKeyboardW@@ADDGPAJ<V
?GlobalWindowExW@@ADHPADPAKI<V
?CallTimeA@@ADGDEK<V

Sections

.text
Size: 29KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 263B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe595c91b80919c6855e5824de8995d9

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 51KB

.edata Size: 512B - Virtual size: 263B

.data Size: 32KB - Virtual size: 31KB

.text
Size: 29KB - Virtual size: 51KB

.edata
Size: 512B - Virtual size: 263B

.data
Size: 32KB - Virtual size: 31KB