a0f11dc055dacfb127d89e74a0f5a7ca25585c21473fb0d88481c9b6004f830d

General

Target

a0f11dc055dacfb127d89e74a0f5a7ca25585c21473fb0d88481c9b6004f830d
Size

9KB
MD5

2b9fe71439d091206d528202c7bf1cf4
SHA1

0ebf1a197a5f4cbcf7c37cf1ce34b5b4ac5e6d55
SHA256

a0f11dc055dacfb127d89e74a0f5a7ca25585c21473fb0d88481c9b6004f830d
SHA512

11dd7266cea19a1263d05dfa6f4d8b8ab45b762c05cc4505a3108942e56408685f0b1e690da33031dba32cd95e4cacb07d217999e6c70bc16b0e09c8324f8cee
SSDEEP

192:W9CcV3hoFn1J+W1AVSV6tt3k5orSLidwNZOfUZ:W9CcV3hoFKTdt6WrGiONZei

Score

N/A

Malware Config

Signatures

Files

a0f11dc055dacfb127d89e74a0f5a7ca25585c21473fb0d88481c9b6004f830d
.exe windows x86

dbe6f561cef79c7f9117fed83156d7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
IofCallDriver
IoReleaseRemoveLockEx
IofCompleteRequest
ObfDereferenceObject
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoGetDeviceObjectPointer
_except_handler3
IoCreateSymbolicLink
KeInitializeSpinLock
ExFreePool
ExAllocatePoolWithTag
KeTickCount
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwOpenFile
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
IoBuildAsynchronousFsdRequest
KeBugCheckEx
RtlInitUnicodeString
ZwClose
IoDeleteDevice
strncmp
IoGetCurrentProcess
strncpy

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 566B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbe6f561cef79c7f9117fed83156d7be

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 388B

.data Size: 128B - Virtual size: 80B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 640B - Virtual size: 566B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 388B

.data
Size: 128B - Virtual size: 80B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 640B - Virtual size: 566B