7a0de796b14b4c7787a78de504111cb978aa2286c63acf1d28c5009004d99d72

General

Target

7a0de796b14b4c7787a78de504111cb978aa2286c63acf1d28c5009004d99d72
Size

17KB
MD5

6d6bad905d904c6253ade7056bf0dcfa
SHA1

997c86d9d1ead315f954270a931942047b13a7f4
SHA256

7a0de796b14b4c7787a78de504111cb978aa2286c63acf1d28c5009004d99d72
SHA512

947c60e547a771d0cfeab977e10055ffba514bbebfd4450da764a0ce5ef992e793efa097d5bc3247fb8e96ac578d44dba14d8327dec55222a7be52416536e567
SSDEEP

384:RDnHH1COELi4XWm6Wes1twN02mo3yJKRzA/0gEwiutVvVCRLPqteX119Bky+23+y:x8OEVy+8FLy0l

Score

N/A

Malware Config

Signatures

Files

7a0de796b14b4c7787a78de504111cb978aa2286c63acf1d28c5009004d99d72
.exe windows x86

7d1853b2e9d19694a44aab502e08501b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
strncmp
IoGetCurrentProcess
IofCompleteRequest
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ExAllocatePoolWithTag
MmSizeOfMdl
ZwQueryInformationProcess
PsGetCurrentProcessId
_stricmp
_strupr
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
ExFreePool
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwQuerySystemInformation
PsTerminateSystemThread
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d1853b2e9d19694a44aab502e08501b

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

zdata Size: 288B - Virtual size: 260B

vdata Size: 288B - Virtual size: 260B

INIT Size: 928B - Virtual size: 912B

.reloc Size: 384B - Virtual size: 368B

.text
Size: 14KB - Virtual size: 14KB

zdata
Size: 288B - Virtual size: 260B

vdata
Size: 288B - Virtual size: 260B

INIT
Size: 928B - Virtual size: 912B

.reloc
Size: 384B - Virtual size: 368B