c776d5386879b201d9d16a916954ec95fded5c88e1c8009095288263dc07bbc6

General

Target

c776d5386879b201d9d16a916954ec95fded5c88e1c8009095288263dc07bbc6
Size

29KB
MD5

baf4ff17e2e335bb37e953316e6ad8aa
SHA1

60578698c0e6c39d9024929b652a1808db49076a
SHA256

c776d5386879b201d9d16a916954ec95fded5c88e1c8009095288263dc07bbc6
SHA512

d7f858d06089337aff03d08c4e65bf891e61a9bc977e01a764f55df034e06c2b2c207201a4f7886b1eb0e12e3fa3c7d41b7ff6be8f65d8d88217e0cee6c2ad2a
SSDEEP

384:WUWSJollMAoqO87cNotEq7Vth+GRmgo3lWc5gnN+1B5wJYU4oUMbg:WUWS0lM/VCV7t+aRfc5gn94oUt

Score

N/A

Malware Config

Signatures

Files

c776d5386879b201d9d16a916954ec95fded5c88e1c8009095288263dc07bbc6
.exe windows x86

a948011dfbcafa91207cccaaeb4113ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlVolumeDeviceToDosName
ExFreePoolWithTag
RtlGetVersion
RtlVerifyVersionInfo
IoCancelIrp
ExAllocatePool
RtlMapGenericMask
IoCheckShareAccess
KeClearEvent
ObGetObjectSecurity
MmMapLockedPages
VerSetConditionMask
PoUnregisterSystemState
KeSetEvent
IoVerifyPartitionTable
KeInitializeEvent
ZwDeleteValueKey
RtlInitString
MmBuildMdlForNonPagedPool
RtlCompareString
PoRequestPowerIrp
ZwSetInformationFile
ZwUnloadDriver
PoSetPowerState
ZwMakeTemporaryObject
PoStartNextPowerIrp
ZwEnumerateValueKey
ZwClose
KeBugCheck
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwFlushKey
IoSetPartitionInformationEx
ZwCancelTimer
PoCallDriver
ObfReferenceObject
ZwTerminateProcess
ZwDeleteKey
ZwOpenSection
ZwLoadDriver
ZwOpenKey
memset
memcpy

Exports

Exports

_AllocateMemoryForData@4
_ReleaseMemoryData@0

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a948011dfbcafa91207cccaaeb4113ba

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ecode Size: 512B - Virtual size: 408B

.data Size: - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: 3KB - Virtual size: 2KB

.ecode
Size: 512B - Virtual size: 408B

.data
Size: - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 240B