8000e26e379cca0b0220212564fc5224b247f2fb121e516238a22dc24d325ea6

General

Target

8000e26e379cca0b0220212564fc5224b247f2fb121e516238a22dc24d325ea6
Size

39KB
MD5

55160da32e5e00e1f17e5988ffa20287
SHA1

61a77b92f39600c624760f87f0ec3e9e1ad4b35c
SHA256

8000e26e379cca0b0220212564fc5224b247f2fb121e516238a22dc24d325ea6
SHA512

096a729cda4d6b0bbcd5ca39f167cf168a7645847586f50a7f28add1ce6c5e5121010d1beff2f881306ad54786ad9cb598ca2e0787ef4530d03b060f8ac48ee5
SSDEEP

768:V8DFpvIF4k+mcoi6ckfKqQajDcGTCljT0eYYUp5TNKxmUAl:V6EGRJ6dDt4cOP0eYbp9fZl

Score

N/A

Malware Config

Signatures

Files

8000e26e379cca0b0220212564fc5224b247f2fb121e516238a22dc24d325ea6
.exe windows x86

c5327a806ee743ffc8213db11cbc579e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
_snwprintf
ExAllocatePoolWithTag
RtlCompareUnicodeString
ObReferenceObjectByHandle
_wcsnicmp
ObfDereferenceObject
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
_stricmp
ZwSetInformationFile
ZwCreateFile
wcscpy
swprintf
ZwCreateKey
wcsncpy
wcsrchr
_wcsicmp
MmIsAddressValid
strncmp
wcscat
IoDeviceObjectType
RtlCopyUnicodeString
ZwDeleteKey
IoGetCurrentProcess
strncpy
PsLookupProcessByProcessId
wcsstr
_wcslwr
PsCreateSystemThread
IoRegisterDriverReinitialization
ExFreePool
_snprintf
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
wcschr
IofCompleteRequest
KeQuerySystemTime
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 71B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5327a806ee743ffc8213db11cbc579e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 71B

PAGEWMI Size: 32B - Virtual size: 5B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 71B

PAGEWMI
Size: 32B - Virtual size: 5B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB