aeefa7fc37ff1b35f529ddd4b8c61c5cdac427b776a6e3f6e80f65969a21fed9

Sharing

Copy URL Twitter E-mail

General

Target

aeefa7fc37ff1b35f529ddd4b8c61c5cdac427b776a6e3f6e80f65969a21fed9
Size

39KB
MD5

35bc1995b8c8ad7c5ca2cfd3ffaa020e
SHA1

b18c828f0a59cea88b9d3047b3a00c41af3d5717
SHA256

aeefa7fc37ff1b35f529ddd4b8c61c5cdac427b776a6e3f6e80f65969a21fed9
SHA512

31359fe7579da8e6d512441c9186243b53d7bf51b69c7a3cd549697b6fb72c7a0662878beb3f290b0ded731aa6adbe4cc760177e5e469c152c88666f6fc58913
SSDEEP

768:WRWrFv9Sv7swIBDvNbno0R3Uni5hTOnFnL0JIA2od9ExS9E+KzyiAfLlQnpHwg1X:Wwm5Ic0RkijT84JIxvcKzyLlWQQrUU

Score

N/A

Malware Config

Signatures

Files

aeefa7fc37ff1b35f529ddd4b8c61c5cdac427b776a6e3f6e80f65969a21fed9
.exe windows x86

b32a82d3d221c710e02f1704f97246bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwOpenKey
RtlInitUnicodeString
swprintf
RtlCompareUnicodeString
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
wcsstr
_wcslwr
PsGetVersion
PsSetCreateProcessNotifyRoutine
strncmp
IoGetCurrentProcess
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcslen
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
wcscat
wcscpy
_wcsicmp
_except_handler3
_stricmp
RtlCopyUnicodeString
IoRegisterDriverReinitialization
_snwprintf
ZwDeleteKey
_wcsnicmp
wcschr
KeTickCount
KeQueryTimeIncrement
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
IoDeviceObjectType
PsCreateSystemThread
ZwSetInformationFile

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 42B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32a82d3d221c710e02f1704f97246bb

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 42B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 42B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB