a47c63b4bc8e3960da2a07ef45693b66619d9e4208fde9d2c3ec9b6025f215a4

General

Target

a47c63b4bc8e3960da2a07ef45693b66619d9e4208fde9d2c3ec9b6025f215a4
Size

13KB
MD5

3847dac184618d624039056918c060d0
SHA1

374f9bfe2377fd953460f9807d1d4516eeb1157b
SHA256

a47c63b4bc8e3960da2a07ef45693b66619d9e4208fde9d2c3ec9b6025f215a4
SHA512

662b6000081de33d6eb1ee70fef61b7667629a5ce0c72d3bc8176104a3d131524db921bbae0476086179c7365fb62a1562995b51ba91215f5b2a074ca5625b5c
SSDEEP

192:FG9T+9snLzTQ5IZAtBSa3ufzduxirDtNI5+Db:+T+OE5bia+fJuxirDjI

Score

N/A

Malware Config

Signatures

Files

a47c63b4bc8e3960da2a07ef45693b66619d9e4208fde9d2c3ec9b6025f215a4
.exe windows x86

0c35d32418dc3aebd156aa05bcb2eba2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
IofCompleteRequest
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ExAllocatePoolWithTag
MmSizeOfMdl
ZwQueryInformationProcess
PsGetCurrentProcessId
ExGetPreviousMode
ProbeForWrite
ProbeForRead
_stricmp
_strupr
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
MmIsAddressValid
_except_handler3
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
PsTerminateSystemThread
ExFreePool
ZwQuerySystemInformation
ZwPulseEvent
MmGetSystemRoutineAddress
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 448B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c35d32418dc3aebd156aa05bcb2eba2

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 864B - Virtual size: 856B

.data Size: 7KB - Virtual size: 7KB

INIT Size: 960B - Virtual size: 946B

.reloc Size: 448B - Virtual size: 424B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 864B - Virtual size: 856B

.data
Size: 7KB - Virtual size: 7KB

INIT
Size: 960B - Virtual size: 946B

.reloc
Size: 448B - Virtual size: 424B