7c5232849c1e8e74be2ef10f7901c05e234df061a680bd181d705b09dfea2442

Sharing

Copy URL Twitter E-mail

General

Target

7c5232849c1e8e74be2ef10f7901c05e234df061a680bd181d705b09dfea2442
Size

385KB
MD5

0f7318cd7e34c6fcccdc93804fcad5ec
SHA1

824b7821c9bab1d2885a97434baacd4317a35f05
SHA256

7c5232849c1e8e74be2ef10f7901c05e234df061a680bd181d705b09dfea2442
SHA512

2d0f6632aa3d631e5d75f465e6c6a9b13f921a717651f9480d53e8e5167a1cc1e9525e03b729e5a83a408477cbc3a104a3b4409297307fc83bc62e8a43973086
SSDEEP

6144:fDxDSzhg7u/HHgeurlVy6EInt/gi8zQmJdeXaziiH+f/q3EME9sugnNYahMcN5M+:VYou/AbZnt/4hdmazD3mMn6ahL5MTC

Score

N/A

Malware Config

Signatures

Files

7c5232849c1e8e74be2ef10f7901c05e234df061a680bd181d705b09dfea2442
.exe windows x86

b20e77cef61390fbd5a5edc2122fc74e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObOpenObjectByName
RtlInitUnicodeString
_alldiv
ExRaiseStatus
ExAllocatePoolWithTagPriority
ExFreePoolWithTag
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwQueryInformationProcess
RtlCompareUnicodeString
KeReleaseMutex
KeWaitForSingleObject
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
ZwEnumerateKey
ZwDeleteKey
ZwOpenKey
wcsncat
memset
ZwLoadDriver
ZwSetValueKey
ZwCreateKey
IoDeleteDevice
RtlImageDirectoryEntryToData
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwOpenFile
ObReferenceObjectByHandle
ZwQueryInformationThread
ZwQuerySystemInformation
memmove
KeInitializeMutex
ZwReadFile
ZwCreateFile
ZwSetInformationFile
ZwWriteFile
memcpy
ZwQueryInformationFile
ZwQueryVolumeInformationFile
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
IofCompleteRequest
KeServiceDescriptorTable
RtlImageNtHeader
IoCreateSymbolicLink
IoCreateDevice
swprintf
SeCreateClientSecurity
KeGetCurrentThread
KeQuerySystemTime
sprintf
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
KeTickCount
KeBugCheckEx
ObfDereferenceObject
ZwClose
wcsncmp
RtlUnwind

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b20e77cef61390fbd5a5edc2122fc74e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 336KB - Virtual size: 336KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 840B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 840B

.reloc
Size: 3KB - Virtual size: 3KB