b82445087b163db3ee0f94be802c1f2bc6c7c542adf6a1ad21d80fec36749011

General

Target

b82445087b163db3ee0f94be802c1f2bc6c7c542adf6a1ad21d80fec36749011
Size

225KB
MD5

b6753059dc27fc9f1bc4fdef5d12abdf
SHA1

3d31140e9070459220c30f61060af0a552c013e6
SHA256

b82445087b163db3ee0f94be802c1f2bc6c7c542adf6a1ad21d80fec36749011
SHA512

208f94cb9c4cdf99a6d6df715c7f538d2743994e9b9ae09b0040c8388309a2e31f18913f4aa45aa70b3f49e07fd1d371a4eb888da7a2a20b2542ef394a820471
SSDEEP

6144:PDMhjIMOcSqZ1ZU7/to67N6CfTBuYfqH7S:PDMpOcSq67t7MCfTbqH7S

Score

N/A

Malware Config

Signatures

Files

b82445087b163db3ee0f94be802c1f2bc6c7c542adf6a1ad21d80fec36749011
.dll windows x86

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
MmForceSectionClosed
RtlFreeUnicodeString
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlDeleteElementGenericTable
ZwSetSecurityObject
KdDisableDebugger
IoGetDeviceToVerify
IoCheckEaBufferValidity
CcFastCopyRead
HalExamineMBR
RtlFindClearBitsAndSet
ProbeForRead
IoDeviceObjectType
KeGetCurrentThread
ObInsertObject
IoSetShareAccess
RtlCreateSecurityDescriptor
MmIsThisAnNtAsSystem
RtlFindClearBits
KeInitializeTimer
IoQueueWorkItem
ZwDeleteKey
RtlQueryRegistryValues
IoGetTopLevelIrp
IoInvalidateDeviceRelations
FsRtlCheckLockForReadAccess
ExUnregisterCallback
IoReleaseCancelSpinLock
IoGetBootDiskInformation
KeRestoreFloatingPointState
SeTokenIsRestricted
IoSetTopLevelIrp
ObGetObjectSecurity
PoUnregisterSystemState
IoGetDeviceAttachmentBaseRef
KeQueryInterruptTime
KeTickCount
PsDereferencePrimaryToken
IoGetDiskDeviceObject
MmFreeNonCachedMemory
IoCheckShareAccess
MmFreeMappingAddress
MmHighestUserAddress
IoVerifyVolume
ZwQuerySymbolicLinkObject
RtlAnsiStringToUnicodeString
CcPinMappedData
ExSystemTimeToLocalTime
DbgBreakPointWithStatus
KeReadStateMutex
KeInitializeEvent
ExGetExclusiveWaiterCount

Exports

Exports

?RtlDirectoryExW@@YGPADHPAG<V
?DeleteVersionExW@@YGGD<V
?FindSectionA@@YGFFPA_NGM<V
?ModifyPathExW@@YGKK<V
?SetFilePathW@@YGIPAJJIPAJ<V
?IsNotFileEx@@YGMPAMDF<V

Sections

.text
Size: 65KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 83KB

.text
Size: 65KB - Virtual size: 83KB