b70e526207664439fe3ed4905e1399bc426b0cd2c65d1305326f8a15f2826908

Sharing

Copy URL Twitter E-mail

General

Target

b70e526207664439fe3ed4905e1399bc426b0cd2c65d1305326f8a15f2826908
Size

188KB
MD5

9d29ad6efa9a76f0b6c2b402a2dbb150
SHA1

ca2edec9b30caf2a3f0da51c3b6af863a4ca5b61
SHA256

b70e526207664439fe3ed4905e1399bc426b0cd2c65d1305326f8a15f2826908
SHA512

11f7d73be8935dfe39ac2281a320098050b014f1634c46e6d29f1df0d5ce895c8c692a1a0be946469a3d94fc112915fd86ab4e6cda0fddae0eb8cb8f9f3a18bf
SSDEEP

3072:pV8RMaNvfMqqDL2/HRn3fc2KMPKUGU3jBdHmxLzz/uKjdJom9f3bQL5:cxl0qqDL6R3fchI3jPHYuOSm9E

Score

N/A

Malware Config

Signatures

Files

b70e526207664439fe3ed4905e1399bc426b0cd2c65d1305326f8a15f2826908
.exe windows x86

4396fbf3a8adae4a288cbe8c633f5c24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoRegisterShutdownNotification
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscpy
KeWaitForSingleObject
KeReleaseMutex
ObfDereferenceObject
KeReleaseSemaphore
ExFreePoolWithTag
ExAllocatePoolWithTag
_allmul
wcsncat
wcscat
IoDeleteSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
ZwClose
ObReferenceObjectByHandle
ZwCreateFile
IoGetRelatedDeviceObject
wcslen
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeInitializeSpinLock
KeInitializeSemaphore
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetEvent
wcsncpy
KeSetPriorityThread
KeGetCurrentThread
ExfInterlockedInsertTailList
IoSetHardErrorOrVerifyDevice
IofCompleteRequest
PsCreateSystemThread
ObOpenObjectByPointer
IoGetCurrentProcess
KeInitializeMutex
IoFreeIrp
IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
KeBugCheck
_alldiv
KeClearEvent
ZwSetInformationFile
ZwQueryInformationFile
_snwprintf
wcsstr
ZwReadFile
IoFileObjectType
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoAllocateIrp
KeBugCheckEx
_aullshr

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4396fbf3a8adae4a288cbe8c633f5c24

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 146KB - Virtual size: 146KB

.data Size: 32KB - Virtual size: 32KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 872B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 146KB - Virtual size: 146KB

.data
Size: 32KB - Virtual size: 32KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 872B

.reloc
Size: 6KB - Virtual size: 6KB