c16f1dcad5a1b1e83ab8b9fd5e249d4236d3a9e94a5b5fe7646a2db22f6e3372

Sharing

Copy URL

Twitter E-mail

General

Target

c16f1dcad5a1b1e83ab8b9fd5e249d4236d3a9e94a5b5fe7646a2db22f6e3372
Size

40KB
MD5

3cfd70d234399fd7d5bf4bc9c489bacc
SHA1

a0fc25c70cfd490e605e0f438e8ad6ae5dc35e47
SHA256

c16f1dcad5a1b1e83ab8b9fd5e249d4236d3a9e94a5b5fe7646a2db22f6e3372
SHA512

30bcdc60364c9b036abaaa9f3297669e5f37826d920d9213055f9448317b5349396580a9b3c98e8d4190040ed66c6161f991af93d56e4cbb492ff6a4508b8fee
SSDEEP

768:fJin9YHEco5yOr9iUHrkHz4sSVETg7yff9Iuzuen+:fJi0QyO5zezXZTg7yH9Qe

Score

N/A

Malware Config

Signatures

Files

c16f1dcad5a1b1e83ab8b9fd5e249d4236d3a9e94a5b5fe7646a2db22f6e3372
.dll windows x86

06de97084909c4a31fbd08dd297502c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlNumberOfClearBits
MmFreeContiguousMemory
KeReadStateTimer
RtlCompareString
SeSinglePrivilegeCheck
IoCreateSymbolicLink
IoReportResourceForDetection
RtlInitString
KeSetTimer
IoAllocateController
FsRtlIsHpfsDbcsLegal
KeSetTimerEx
KeInitializeSpinLock
MmGetPhysicalAddress
MmGetSystemRoutineAddress
CcFastCopyRead
IoReuseIrp
ExNotifyCallback
RtlEqualString
PsGetCurrentThreadId
PsLookupProcessByProcessId
KeInitializeTimerEx
IoFreeMdl
SeImpersonateClientEx
FsRtlCheckLockForWriteAccess
IoRequestDeviceEject
KeFlushQueuedDpcs
IoOpenDeviceRegistryKey

Exports

Exports

?wfyridxj@@YGMD@Z
?RxGNcTeiRMucv@@YGMIG@Z
?fhqluEruWzxJfVpYuuw@@YGPAEPAJJ@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vars
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.packed
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 616B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmem
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack2
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06de97084909c4a31fbd08dd297502c1

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.itext Size: 512B - Virtual size: 512B

.idata Size: 1024B - Virtual size: 1024B

.edata Size: 512B - Virtual size: 4KB

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

.vars Size: 2KB - Virtual size: 2KB

.packed Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 616B

.vmem Size: - Virtual size: 4KB

.pack1 Size: 8KB - Virtual size: 8KB

.pack2 Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.itext
Size: 512B - Virtual size: 512B

.idata
Size: 1024B - Virtual size: 1024B

.edata
Size: 512B - Virtual size: 4KB

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

.vars
Size: 2KB - Virtual size: 2KB

.packed
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 616B

.vmem
Size: - Virtual size: 4KB

.pack1
Size: 8KB - Virtual size: 8KB

.pack2
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB