147199ccbce4ac0cd3110c2350553af36ea99f169af04452e215cf9da614b6e1

General

Target

147199ccbce4ac0cd3110c2350553af36ea99f169af04452e215cf9da614b6e1
Size

21KB
MD5

f80616f390cdc2a2659c251345f83581
SHA1

a32e37146a6963a9eb264010865307bcb21c4d6d
SHA256

147199ccbce4ac0cd3110c2350553af36ea99f169af04452e215cf9da614b6e1
SHA512

4a0fbb1fd139862da946dc7f499c89799df4ea4a0e148225b7f2fe1c5d8c993a29bfe0f9820701a8bfa6cd078311d9a1d4cf4e091bc93c025828b11816ac6cb1
SSDEEP

384:jI3v76IJc77mQLEQehlXNTUUTZ8dV58dd38cLrQR:jI3DbcbLWFNGz5Aqcy

Score

N/A

Malware Config

Signatures

Files

147199ccbce4ac0cd3110c2350553af36ea99f169af04452e215cf9da614b6e1
.exe windows x86

b031864c7de75ccdddd12eec59c02fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
_wcsnicmp
wcslen
strncmp
IoGetCurrentProcess
strncpy
RtlCopyUnicodeString
PsCreateSystemThread
_snwprintf
ExAllocatePoolWithTag
wcsncpy
wcschr
ExFreePool
RtlConvertSidToUnicodeString
ZwQueryInformationToken
ObfDereferenceObject
ObOpenObjectByPointer
PsReferencePrimaryToken
MmGetSystemRoutineAddress
_wcsicmp
wcsrchr
ZwDeleteKey
swprintf
ZwOpenKey
ZwSetValueKey
ZwCreateKey
ZwSetInformationFile
wcscpy
wcsstr
_wcslwr
MmIsAddressValid
ObReferenceObjectByHandle
_stricmp
ZwQueryValueKey
RtlCompareUnicodeString
ObQueryNameString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
PsLookupProcessByProcessId
KeQuerySystemTime
_except_handler3
ZwEnumerateKey
ZwQueryKey
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
_snprintf

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b031864c7de75ccdddd12eec59c02fab

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB