e73105c0a35e58bc6e15463e115e2b21b0d28fc8942f4de1b55b7659bbf7f9b2

Sharing

Copy URL

Twitter E-mail

General

Target

e73105c0a35e58bc6e15463e115e2b21b0d28fc8942f4de1b55b7659bbf7f9b2
Size

180KB
MD5

5e2ca92dc0d03a93264fbdc3451bcae0
SHA1

c72704d7070f12b96e55fe2370378035dce58a51
SHA256

e73105c0a35e58bc6e15463e115e2b21b0d28fc8942f4de1b55b7659bbf7f9b2
SHA512

ba22b4f9755316b4d4597b99e17cfd13d4f65e420f1b3c9511a469254630be7697b0931a305e889ec40cfede4e2bb3bf5026fd7e1576ab1afe563f23fe666324
SSDEEP

3072:sFIZkfiqiWuppcsfFw1/FFTsCYEwhVJ3iDbtSHVPD3soJ1L:wIZk6M6aSArYE4VpiN+PgoJ1

Score

N/A

Malware Config

Signatures

Files

e73105c0a35e58bc6e15463e115e2b21b0d28fc8942f4de1b55b7659bbf7f9b2
.dll windows x86

3c501d640c6f4659a5cb55eb635efccc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoInvalidateDeviceState
MmFreeContiguousMemory
KeInitializeApc
IoGetCurrentProcess
RtlTimeToSecondsSince1980
IoConnectInterrupt
IoGetAttachedDevice
CcUnpinRepinnedBcb
RtlSecondsSince1970ToTime
IoVerifyVolume
RtlUpcaseUnicodeString
ProbeForWrite
ZwCreateEvent
KePulseEvent
IoDeviceObjectType
KeSynchronizeExecution
RtlCreateUnicodeString
IoSetSystemPartition
IoRequestDeviceEject
ExAllocatePoolWithQuota
PsSetLoadImageNotifyRoutine
MmAllocatePagesForMdl
IoQueryFileDosDeviceName
IoCreateDevice
KeDeregisterBugCheckCallback
ExRaiseDatatypeMisalignment
SeFreePrivileges
ZwFlushKey
KeGetCurrentThread
SeTokenIsRestricted
MmForceSectionClosed
IoEnumerateDeviceObjectList
ObfDereferenceObject
FsRtlNotifyUninitializeSync
RtlAppendUnicodeToString
IoSetThreadHardErrorMode
IoQueryFileInformation
IoGetBootDiskInformation
RtlUnicodeStringToInteger
RtlIsNameLegalDOS8Dot3
KeDelayExecutionThread
RtlInitUnicodeString
IoThreadToProcess
ZwEnumerateValueKey
CcFastCopyWrite
SeDeleteObjectAuditAlarm
RtlInitializeSid
IoBuildSynchronousFsdRequest
MmFreeMappingAddress
RtlInitializeBitMap
MmFlushImageSection
SeLockSubjectContext
RtlEqualUnicodeString
PsGetCurrentThreadId
RtlQueryRegistryValues
KeRemoveByKeyDeviceQueue
FsRtlGetNextFileLock
KdDisableDebugger
IoSetPartitionInformationEx
PsLookupThreadByThreadId
RtlGUIDFromString
IoAllocateErrorLogEntry
RtlFindClearRuns
CcMdlReadComplete
PsReturnPoolQuota
IoInvalidateDeviceRelations
RtlInt64ToUnicodeString
KeReadStateEvent
RtlFreeAnsiString
RtlUpperChar
RtlFindUnicodePrefix
RtlInsertUnicodePrefix
SeQueryInformationToken
IoSetTopLevelIrp
KeSetSystemAffinityThread
SeAssignSecurity
KeCancelTimer
MmUnlockPagableImageSection
ZwSetVolumeInformationFile
RtlRandom
MmMapLockedPagesSpecifyCache
ExReleaseFastMutexUnsafe
MmFreeNonCachedMemory
ExDeleteNPagedLookasideList
IoDeleteSymbolicLink
PoRegisterSystemState
RtlxAnsiStringToUnicodeSize
MmIsDriverVerifying
ExDeletePagedLookasideList
RtlAddAccessAllowedAceEx
IoQueueWorkItem
KeRevertToUserAffinityThread
RtlMultiByteToUnicodeN
PsRevertToSelf
ZwCreateKey
IoReleaseVpbSpinLock
MmProbeAndLockProcessPages
IoReleaseRemoveLockEx
IoCreateNotificationEvent
RtlCreateSecurityDescriptor
IoReadDiskSignature
IoSetDeviceInterfaceState
KeInsertQueue
RtlxUnicodeStringToAnsiSize
PsLookupProcessByProcessId
RtlCharToInteger
ZwMapViewOfSection
RtlGetCallersAddress
KeQueryActiveProcessors
ExGetExclusiveWaiterCount
IoGetDeviceObjectPointer
RtlCopyLuid
ZwLoadDriver
ObCreateObject
ZwSetSecurityObject
RtlGetVersion
RtlGetNextRange
IoCreateFile
RtlLengthSid
PsGetProcessExitTime
SeReleaseSubjectContext
ExSetTimerResolution
ZwOpenKey
MmIsThisAnNtAsSystem
RtlSetBits
MmIsVerifierEnabled
IoGetDeviceInterfaceAlias
PsImpersonateClient
KeRestoreFloatingPointState
IoCreateDisk
RtlAddAccessAllowedAce
RtlRemoveUnicodePrefix
FsRtlIsDbcsInExpression
CcFlushCache
KeInsertByKeyDeviceQueue
ExSystemTimeToLocalTime
FsRtlDeregisterUncProvider
MmFreePagesFromMdl
PsChargeProcessPoolQuota
KeLeaveCriticalRegion
IoGetLowerDeviceObject
RtlEnumerateGenericTable
KeReleaseMutex
IoAllocateWorkItem
IoGetDiskDeviceObject
RtlInitString
KeSetImportanceDpc
ExRegisterCallback
IoUpdateShareAccess
SePrivilegeCheck
ExFreePoolWithTag
IoReportDetectedDevice
ZwCreateSection
MmUnmapReservedMapping
RtlAnsiCharToUnicodeChar
MmHighestUserAddress
MmAllocateMappingAddress
MmBuildMdlForNonPagedPool
ZwQueryKey
CcRepinBcb
IoRemoveShareAccess
KeInitializeDpc
IoAcquireRemoveLockEx
ZwDeleteValueKey
ZwEnumerateKey
SeSetSecurityDescriptorInfo
RtlAreBitsSet
IoOpenDeviceRegistryKey
ZwOpenFile
RtlSetAllBits
MmLockPagableDataSection
KeAttachProcess
RtlDeleteElementGenericTable
IoIsOperationSynchronous
KeQuerySystemTime
IoQueryDeviceDescription
PoRequestPowerIrp
ExAllocatePoolWithTag
IoCheckQuotaBufferValidity
RtlInitAnsiString
CcFastMdlReadWait
RtlUpperString
CcSetReadAheadGranularity
IoVerifyPartitionTable
KeWaitForMultipleObjects
MmAllocateContiguousMemory
IofCallDriver
ExRaiseStatus
MmSecureVirtualMemory
ExQueueWorkItem
RtlClearAllBits
FsRtlFastUnlockSingle
KefAcquireSpinLockAtDpcLevel
IoDeleteDevice
CcUnpinDataForThread
CcMdlWriteComplete
KeRundownQueue
RtlUnicodeStringToAnsiString
RtlTimeToSecondsSince1970
KeQueryTimeIncrement
ZwFreeVirtualMemory
SeFilterToken
FsRtlCheckOplock
RtlUpcaseUnicodeToOemN
KeInitializeEvent
FsRtlLookupLastLargeMcbEntry
PoCallDriver
KeSetTargetProcessorDpc
IoFreeMdl
KeInsertHeadQueue
SeValidSecurityDescriptor
MmProbeAndLockPages
IoWriteErrorLogEntry
CcInitializeCacheMap
IoStartNextPacket
PsTerminateSystemThread
IoReleaseRemoveLockAndWaitEx
ObMakeTemporaryObject
KeStackAttachProcess
CcFastCopyRead
MmMapIoSpace
SeDeassignSecurity
MmPageEntireDriver
FsRtlFastCheckLockForRead
PoUnregisterSystemState
IoGetRelatedDeviceObject
SeQueryAuthenticationIdToken
CcMdlRead
RtlTimeToTimeFields
KeSetPriorityThread
CcPreparePinWrite
DbgPrompt
FsRtlNotifyInitializeSync
IoInitializeRemoveLockEx
IoStopTimer
MmAdvanceMdl
IoAllocateAdapterChannel
CcPurgeCacheSection
KeWaitForSingleObject
RtlClearBits
ExReleaseResourceLite
IoGetRequestorProcess
RtlAnsiStringToUnicodeString
PsCreateSystemThread
IoGetRequestorProcessId
KeDetachProcess
KeRegisterBugCheckCallback
VerSetConditionMask
CcMdlWriteAbort
RtlFindClearBitsAndSet
MmUnsecureVirtualMemory
IoAllocateIrp
IoVolumeDeviceToDosName
ExAllocatePoolWithQuotaTag
IoFreeErrorLogEntry
ZwQueryValueKey
PsDereferencePrimaryToken
IofCompleteRequest
ProbeForRead

Exports

Exports

?FreeProcess@@IJPAKPAN@X

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c501d640c6f4659a5cb55eb635efccc

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 44KB - Virtual size: 44KB

.init Size: - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 604B

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 44KB - Virtual size: 44KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 604B