84ca249c60867dd18c6965aad1e14f6c451232e7dd066f2dd28f6d0ee122c7ca

General

Target

84ca249c60867dd18c6965aad1e14f6c451232e7dd066f2dd28f6d0ee122c7ca
Size

8KB
MD5

9649a85ce0af93a3eb5bef9faffec75d
SHA1

7c561fe67fc32c6820698974c4b134771ae7f615
SHA256

84ca249c60867dd18c6965aad1e14f6c451232e7dd066f2dd28f6d0ee122c7ca
SHA512

b987e10b76a7b8c45a5e3f3da9470d13eb3ce5bf1de66d0130bdf40e104473a6823d37500c6bd18c7c7ecf5b367bc2c997e546709a9e6cdaf0d30a080fa350a1
SSDEEP

96:t27qYUF1K8W/dPTcK9g9cF5L05KAVEopJ2atVdPeBOxNV:t0q32FJTj9g9cnmVEkJ2a7tPx/

Score

N/A

Malware Config

Signatures

Files

84ca249c60867dd18c6965aad1e14f6c451232e7dd066f2dd28f6d0ee122c7ca
.exe windows x86

6a74a0add17bf0c271a4d50fc2129f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetThreadWin32Thread
KeGetCurrentThread
PsGetCurrentProcessId
KeQuerySystemTime
ExAllocatePoolWithTag
IofCompleteRequest
PsRemoveCreateThreadNotifyRoutine
KeReleaseSemaphore
ZwClose
PsCreateSystemThread
MmIsAddressValid
KeWaitForSingleObject
PsSetCreateThreadNotifyRoutine
KeInitializeSemaphore
_except_handler3
RtlTimeToTimeFields
NtBuildNumber
ZwCreateFile
ZwWriteFile
_vsnprintf
ObfDereferenceObject
IoGetBaseFileSystemDeviceObject
IoGetDeviceObjectPointer
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx
RtlInitUnicodeString
IoCreateDevice
ZwQueryInformationProcess

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a74a0add17bf0c271a4d50fc2129f39

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 436B

.data Size: 512B - Virtual size: 116B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 378B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 436B

.data
Size: 512B - Virtual size: 116B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 378B