80a6eae32d45cac963667872455f9ae41d9dce9a5a95568fe1bc83bc3535ae43

General

Target

80a6eae32d45cac963667872455f9ae41d9dce9a5a95568fe1bc83bc3535ae43
Size

445KB
MD5

2d74f351fe414a25006784caf865dad3
SHA1

2426b240c96a5d2112ae86c83e86655f377213a0
SHA256

80a6eae32d45cac963667872455f9ae41d9dce9a5a95568fe1bc83bc3535ae43
SHA512

b66f8eb1fa7d5ee4830cc593a514a448e1ae7a552164077c417dcfd558d672eba44ea860d76bf879d8e22a214f44e0e72d925584a74ebdb204577ea5b4af4a4e
SSDEEP

12288:mDMpOfBtKy4LE4wxubJ2Li73ZpjgRdKWQ:GiW/MbJ2LO3ZpkRIx

Score

N/A

Malware Config

Signatures

Files

80a6eae32d45cac963667872455f9ae41d9dce9a5a95568fe1bc83bc3535ae43
.dll windows x86

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
MmForceSectionClosed
RtlFreeUnicodeString
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlDeleteElementGenericTable
ZwSetSecurityObject
KdDisableDebugger
IoGetDeviceToVerify
IoCheckEaBufferValidity
CcFastCopyRead
HalExamineMBR
RtlFindClearBitsAndSet
ProbeForRead
IoDeviceObjectType
KeGetCurrentThread
ObInsertObject
IoSetShareAccess
RtlCreateSecurityDescriptor
MmIsThisAnNtAsSystem
RtlFindClearBits
KeInitializeTimer
IoQueueWorkItem
ZwDeleteKey
RtlQueryRegistryValues
IoGetTopLevelIrp
IoInvalidateDeviceRelations
FsRtlCheckLockForReadAccess
ExUnregisterCallback
IoReleaseCancelSpinLock
IoGetBootDiskInformation
KeRestoreFloatingPointState
SeTokenIsRestricted
IoSetTopLevelIrp
ObGetObjectSecurity
PoUnregisterSystemState
IoGetDeviceAttachmentBaseRef
KeQueryInterruptTime
KeTickCount
PsDereferencePrimaryToken
IoGetDiskDeviceObject
MmFreeNonCachedMemory
IoCheckShareAccess
MmFreeMappingAddress
MmHighestUserAddress
IoVerifyVolume
ZwQuerySymbolicLinkObject
RtlAnsiStringToUnicodeString
CcPinMappedData
ExSystemTimeToLocalTime
DbgBreakPointWithStatus
KeReadStateMutex
KeInitializeEvent
ExGetExclusiveWaiterCount

Exports

Exports

?RtlDirectoryExW@@YGPADHPAG<V
?DeleteVersionExW@@YGGD<V
?FindSectionA@@YGFFPA_NGM<V
?ModifyPathExW@@YGKK<V
?SetFilePathW@@YGIPAJJIPAJ<V
?IsNotFileEx@@YGMPAMDF<V

Sections

.text
Size: 65KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 83KB

.text
Size: 65KB - Virtual size: 83KB