7c0101f939336fcab4f1a7bfdac056ad7c36d9ea6cba38eb818fc10d533f028f

Sharing

Copy URL Twitter E-mail

General

Target

7c0101f939336fcab4f1a7bfdac056ad7c36d9ea6cba38eb818fc10d533f028f
Size

39KB
MD5

a2615b96c83185278926221beec7778c
SHA1

9dd00e534e666da207859b68b153634784e32954
SHA256

7c0101f939336fcab4f1a7bfdac056ad7c36d9ea6cba38eb818fc10d533f028f
SHA512

79a05b4dee2218198c748275a4b3f7234ab8b6ade31c7db429f5b294b4da4185b59293f14b5e28304c9b954c8001a72afeb482937a47d18787d0043766ecdbfd
SSDEEP

768:sDfgCkXSu/YTYi0ICxHv0691G90h3MJBtBE/KSYb9OCM1Yy1e5r66o7Y:sD2icYTdRj6vG90tKLEiJa1Y3X

Score

N/A

Malware Config

Signatures

Files

7c0101f939336fcab4f1a7bfdac056ad7c36d9ea6cba38eb818fc10d533f028f
.exe windows x86

d328dd3a75eacbd9e983f8ff79a1f75e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
IoRegisterDriverReinitialization
swprintf
KeTickCount
KeQueryTimeIncrement
_stricmp
ZwSetInformationFile
ZwCreateFile
wcscpy
PsSetCreateProcessNotifyRoutine
wcscat
_wcsicmp
_snwprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
ZwCreateKey
RtlAnsiStringToUnicodeString
MmIsAddressValid
IoDeviceObjectType
ObReferenceObjectByHandle
IofCompleteRequest
ObfDereferenceObject
wcsstr
_wcslwr
wcsncpy
wcsrchr
wcschr
strncmp
IoGetCurrentProcess
KeQuerySystemTime
RtlCompareUnicodeString
MmGetSystemRoutineAddress
PsGetVersion
ZwDeleteKey
strncpy
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
_wcsnicmp
ExFreePool
KeDelayExecutionThread
_snprintf

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d328dd3a75eacbd9e983f8ff79a1f75e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 64B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 64B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB