685eef38ae2e131980e9a7bb75f26ed3d5e1d526704366a0c3391d0320af4d9f

General

Target

685eef38ae2e131980e9a7bb75f26ed3d5e1d526704366a0c3391d0320af4d9f
Size

445KB
MD5

68c6a38634de6a2870e33d51b507c840
SHA1

fededfc3203f0c626cf5b574c9628f35071c3918
SHA256

685eef38ae2e131980e9a7bb75f26ed3d5e1d526704366a0c3391d0320af4d9f
SHA512

5fd889d4156d907101bb26735ec6bfdbf7c0677ce6d5a5006db6e8deea78849922c07d3c3adcc31f27e74ab23fab7885b8dbfae406d4144e011de08b5eef8ebc
SSDEEP

6144:hMPUcCZEKTHAJiKXi4LE4wxHObJ2LG24z/3nZr26tVrl/tg5o8jOcfDvecdQs:haUVBtKy4LE4wxubJ2Li73ZpjgRdKWQ

Score

N/A

Malware Config

Signatures

Files

685eef38ae2e131980e9a7bb75f26ed3d5e1d526704366a0c3391d0320af4d9f
.dll windows x86

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
MmForceSectionClosed
RtlFreeUnicodeString
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlDeleteElementGenericTable
ZwSetSecurityObject
KdDisableDebugger
IoGetDeviceToVerify
IoCheckEaBufferValidity
CcFastCopyRead
HalExamineMBR
RtlFindClearBitsAndSet
ProbeForRead
IoDeviceObjectType
KeGetCurrentThread
ObInsertObject
IoSetShareAccess
RtlCreateSecurityDescriptor
MmIsThisAnNtAsSystem
RtlFindClearBits
KeInitializeTimer
IoQueueWorkItem
ZwDeleteKey
RtlQueryRegistryValues
IoGetTopLevelIrp
IoInvalidateDeviceRelations
FsRtlCheckLockForReadAccess
ExUnregisterCallback
IoReleaseCancelSpinLock
IoGetBootDiskInformation
KeRestoreFloatingPointState
SeTokenIsRestricted
IoSetTopLevelIrp
ObGetObjectSecurity
PoUnregisterSystemState
IoGetDeviceAttachmentBaseRef
KeQueryInterruptTime
KeTickCount
PsDereferencePrimaryToken
IoGetDiskDeviceObject
MmFreeNonCachedMemory
IoCheckShareAccess
MmFreeMappingAddress
MmHighestUserAddress
IoVerifyVolume
ZwQuerySymbolicLinkObject
RtlAnsiStringToUnicodeString
CcPinMappedData
ExSystemTimeToLocalTime
DbgBreakPointWithStatus
KeReadStateMutex
KeInitializeEvent
ExGetExclusiveWaiterCount

Exports

Exports

?RtlDirectoryExW@@YGPADHPAG<V
?DeleteVersionExW@@YGGD<V
?FindSectionA@@YGFFPA_NGM<V
?ModifyPathExW@@YGKK<V
?SetFilePathW@@YGIPAJJIPAJ<V
?IsNotFileEx@@YGMPAMDF<V

Sections

.text
Size: 45KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 3KB