7e6317a58f7a07211e87bf5978a5303144bcdb4be333c9e2ec8f893e9d11005a

Sharing

Copy URL

Twitter E-mail

General

Target

7e6317a58f7a07211e87bf5978a5303144bcdb4be333c9e2ec8f893e9d11005a
Size

40KB
MD5

6723ed823772128097702684a936ba77
SHA1

2d16bf71692b53c0f48dda4ef4407e69821a6bfe
SHA256

7e6317a58f7a07211e87bf5978a5303144bcdb4be333c9e2ec8f893e9d11005a
SHA512

8aa217c88ecf381dfd479a2e05928121b863c1c465782526ff545c408d5832c958345ec2cbd000df202d4b59a0c2a0c1cb078ef8cd686d8483c650c696e2fa12
SSDEEP

768:r5/LJilyVF4tsJf3IcGADEogxtQ4DYwlIakOFwRaVypKxk/QXToP6GY1N9lGkh90:rBVFBJ/PfozDQ4LIanFwRaS4k4Xk2N9o

Score

N/A

Malware Config

Signatures

Files

7e6317a58f7a07211e87bf5978a5303144bcdb4be333c9e2ec8f893e9d11005a
.exe windows x86

dc8b88ffa442fc3ebda44ddf3db552b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
IofCompleteRequest
ZwClose
PsCreateSystemThread
_wcsnicmp
wcslen
ObReferenceObjectByHandle
ZwSetValueKey
ZwCreateKey
RtlCompareUnicodeString
_snwprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
swprintf
wcscat
wcscpy
IoDeviceObjectType
ZwDeleteKey
ExFreePool
_snprintf
wcschr
ZwOpenKey
_wcsicmp
wcsrchr
wcsstr
_wcslwr
ObfDereferenceObject
strncpy
strncmp
_except_handler3
_stricmp
KeQuerySystemTime
ZwCreateFile
PsLookupProcessByProcessId
ZwSetInformationFile
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
IoRegisterDriverReinitialization
KeDelayExecutionThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECODE
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGERES
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 69B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc8b88ffa442fc3ebda44ddf3db552b8

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 8B

PAGECODE Size: 32B - Virtual size: 8B

PAGERES Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 69B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 8B

PAGECODE
Size: 32B - Virtual size: 8B

PAGERES
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 69B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB