a70bad9d3828f995387b4a297098efb4baf7aed2294a501242e8912955f7ff51

General

Target

a70bad9d3828f995387b4a297098efb4baf7aed2294a501242e8912955f7ff51
Size

32KB
MD5

0387ac9e63102e78ad9067a1b93b73e6
SHA1

ad8e3100e646fc14c97e778a0d87a299440d1514
SHA256

a70bad9d3828f995387b4a297098efb4baf7aed2294a501242e8912955f7ff51
SHA512

25f750e7ae64ea3a5a557e182457be7a53279ce6404b9f0c5d45ff7814b176db6e4f782b947cc77b1d2f8a5a589094e9187b9b565f7041f9a7abd03133e91363
SSDEEP

768:UbNNy2ifI8nbcQnwKNCdIvmtKJZ2MhYvRAVLODCPl4Fg7zNs:iy2Z8nbcQnzNCdIvmtKJZ2MhYvRAJCCW

Score

N/A

Malware Config

Signatures

Files

a70bad9d3828f995387b4a297098efb4baf7aed2294a501242e8912955f7ff51
.exe windows x86

408e863d5596d872483b0896e6ec052c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
wcsncpy
PsGetVersion
isdigit
islower
isupper
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
toupper
strchr
tolower
atoi
strstr
strrchr
srand
isspace
atol
PsSetCreateProcessNotifyRoutine
isprint
isxdigit
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateFile
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwUnmapViewOfSection
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateKey
wcscat
wcscpy

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

408e863d5596d872483b0896e6ec052c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB