5082dd3146cb764dc7d9e1ec43e3a6b3c6d3a91c6f05971a0a585117f7f58cf4

Sharing

Copy URL Twitter E-mail

General

Target

5082dd3146cb764dc7d9e1ec43e3a6b3c6d3a91c6f05971a0a585117f7f58cf4
Size

331KB
MD5

fb950f7fdd155415b1f2d75154e45dd0
SHA1

b3e706a6a35a2e991e3dc92afe6d647cfc99525f
SHA256

5082dd3146cb764dc7d9e1ec43e3a6b3c6d3a91c6f05971a0a585117f7f58cf4
SHA512

7b69137a57bc8f3c68f58e3dfcb0a223d768df8a40f66f764baf2a5395ef1a6171f0701a75363f7351d7c7066453faaff8f09c48423f51900964698a22cd9f38
SSDEEP

6144:hfuCrxapCuLj5la/n/jtglEoa4vHg+u83lyn1q+/jst8KHfjIckkQYdWihh19:hWOaYu3a6lZa4fg+e1q+/4ttHfjIc7Qk

Score

N/A

Malware Config

Signatures

Files

5082dd3146cb764dc7d9e1ec43e3a6b3c6d3a91c6f05971a0a585117f7f58cf4
.dll windows x86

02ef1047b311e950562876194c85b019

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCreateUnicodeString
IoQueryDeviceDescription
KeRemoveQueue
RtlSetBits
IoCheckQuotaBufferValidity
SePrivilegeCheck
RtlTimeToSecondsSince1970
SeTokenIsAdmin
RtlFindMostSignificantBit
PsChargeProcessPoolQuota
IoInitializeTimer
KeGetCurrentThread
SeFilterToken
ExAcquireResourceSharedLite
CcRepinBcb
ZwQueryKey
RtlDelete
IoBuildPartialMdl
PsGetCurrentThread
RtlNumberOfClearBits
IoReadDiskSignature
IoAllocateErrorLogEntry
KefAcquireSpinLockAtDpcLevel
KeSetSystemAffinityThread
RtlInitAnsiString
IoSetPartitionInformationEx
KeRemoveByKeyDeviceQueue
KeRestoreFloatingPointState
RtlSplay
ZwOpenSymbolicLinkObject
ExGetPreviousMode
RtlSetAllBits
IoIsOperationSynchronous
FsRtlIsFatDbcsLegal
ZwSetValueKey
ZwWriteFile
KeInitializeDeviceQueue
MmIsThisAnNtAsSystem
RtlFillMemoryUlong
ZwOpenFile
IoGetDriverObjectExtension
MmProbeAndLockPages
IoRegisterDeviceInterface
MmQuerySystemSize
ExVerifySuite
PsCreateSystemThread
ZwCreateDirectoryObject
MmHighestUserAddress
KeReadStateEvent
RtlDowncaseUnicodeString
RtlSubAuthoritySid
RtlInitializeUnicodePrefix
CcUnpinData
MmSecureVirtualMemory
RtlEqualSid
ZwMakeTemporaryObject
MmCanFileBeTruncated
FsRtlIsTotalDeviceFailure
ZwMapViewOfSection
RtlAnsiStringToUnicodeString
KeLeaveCriticalRegion
IoWMIRegistrationControl
IoGetDeviceToVerify
RtlEnumerateGenericTable
KeUnstackDetachProcess
MmUnmapIoSpace
RtlCharToInteger
IoVerifyVolume
RtlQueryRegistryValues
ExReleaseResourceLite
MmFreePagesFromMdl
ExFreePool
ZwOpenProcess
ZwQueryInformationFile
SeUnlockSubjectContext
KeWaitForSingleObject
SeSetSecurityDescriptorInfo
ExSetTimerResolution
IoFreeController
RtlFindClearRuns
IoInvalidateDeviceState
RtlValidSecurityDescriptor
FsRtlIsDbcsInExpression
KeSaveFloatingPointState
PsGetCurrentThreadId
MmMapLockedPagesSpecifyCache
IoDeviceObjectType
MmAddVerifierThunks
ExCreateCallback
RtlEqualString
ZwQueryObject
IoReleaseCancelSpinLock
PsReturnPoolQuota
MmProbeAndLockProcessPages
IoCsqRemoveIrp
RtlCopyLuid
RtlOemToUnicodeN
CcCanIWrite
ObReferenceObjectByHandle
ProbeForWrite
PoSetSystemState
ExInitializeResourceLite
KeRundownQueue
MmPageEntireDriver
IoGetDeviceInterfaces
KeInitializeQueue
ExAllocatePoolWithQuota
IoGetLowerDeviceObject
ExSystemTimeToLocalTime
IoGetBootDiskInformation
IoCreateFile
ZwCreateEvent
RtlxAnsiStringToUnicodeSize
KeRemoveDeviceQueue
KeInsertQueueDpc
IoWMIWriteEvent
MmAdvanceMdl
IoGetTopLevelIrp
KeSetKernelStackSwapEnable
RtlHashUnicodeString
PoSetPowerState
PsTerminateSystemThread
CcUnpinRepinnedBcb
KeQueryActiveProcessors
RtlNtStatusToDosError
RtlPrefixUnicodeString
FsRtlNotifyUninitializeSync
MmMapLockedPages
RtlFindSetBits
CcFastMdlReadWait
IoFreeWorkItem
IoGetDmaAdapter
IofCompleteRequest
RtlGUIDFromString
CcUninitializeCacheMap
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
SeCreateClientSecurity
KeFlushQueuedDpcs
ExQueueWorkItem
CcCopyWrite
RtlMultiByteToUnicodeN
IoUpdateShareAccess
IoCreateSynchronizationEvent
KeRemoveEntryDeviceQueue
IoSetDeviceToVerify
CcFastCopyWrite
SeQueryAuthenticationIdToken
RtlVerifyVersionInfo
RtlSetDaclSecurityDescriptor
MmGetPhysicalAddress
IoStartPacket
ExRaiseAccessViolation
CcMdlWriteComplete
ZwDeleteKey
RtlRandom
MmAllocatePagesForMdl
RtlTimeToSecondsSince1980
ExDeleteNPagedLookasideList
FsRtlLookupLastLargeMcbEntry
KeSetTargetProcessorDpc
ExReleaseFastMutexUnsafe
KeBugCheckEx
RtlDeleteNoSplay
IoOpenDeviceRegistryKey
IoWritePartitionTableEx
RtlIsNameLegalDOS8Dot3
MmResetDriverPaging
KeDelayExecutionThread
ZwFreeVirtualMemory
ZwSetVolumeInformationFile
IoCreateDevice
RtlClearBits
RtlUpcaseUnicodeString
KeSetBasePriorityThread
ExRegisterCallback
KeQueryTimeIncrement
RtlClearAllBits
RtlMapGenericMask
ObCreateObject
RtlCopyUnicodeString
ExFreePoolWithTag
PoCallDriver
RtlInitString
PsImpersonateClient
KeInsertQueue
KeSetEvent
IoConnectInterrupt
ZwDeviceIoControlFile
KeDeregisterBugCheckCallback
PoRegisterSystemState
RtlUnicodeStringToInteger
CcCopyRead
CcMdlReadComplete
CcPreparePinWrite
ZwFlushKey
KeInsertByKeyDeviceQueue
RtlxUnicodeStringToAnsiSize
FsRtlFreeFileLock
IoRequestDeviceEject
IoSetSystemPartition
RtlIntegerToUnicodeString
ZwAllocateVirtualMemory
IoFreeErrorLogEntry
KeResetEvent
SeLockSubjectContext
ObReleaseObjectSecurity
IoVerifyPartitionTable
MmAllocateMappingAddress
IoDeleteSymbolicLink
IoGetAttachedDevice
IoGetDeviceAttachmentBaseRef
PoStartNextPowerIrp
FsRtlAllocateFileLock
KeEnterCriticalRegion
RtlSecondsSince1970ToTime
FsRtlMdlWriteCompleteDev
RtlxOemStringToUnicodeSize
IoReleaseRemoveLockEx
CcMdlWriteAbort
FsRtlNotifyInitializeSync
CcPurgeCacheSection
PsLookupThreadByThreadId
FsRtlIsHpfsDbcsLegal
ExUnregisterCallback
IoCheckShareAccess
CcSetReadAheadGranularity
RtlInitializeBitMap
ZwNotifyChangeKey
MmBuildMdlForNonPagedPool
KeInitializeSpinLock
ExRaiseDatatypeMisalignment
SeSinglePrivilegeCheck
RtlAreBitsClear
SeAssignSecurity
RtlFreeAnsiString
ExAcquireFastMutexUnsafe
MmGetSystemRoutineAddress
ZwSetSecurityObject
PsGetThreadProcessId
RtlUnicodeToMultiByteN
RtlFreeUnicodeString
ZwQueryValueKey
RtlAppendUnicodeToString
IoGetDeviceProperty
KeWaitForMultipleObjects
KeSetTimer
KeSynchronizeExecution
CcGetFileObjectFromBcb
KeInsertHeadQueue
ZwPowerInformation
KeInitializeApc
CcSetFileSizes
KeReleaseSemaphore
IoAcquireCancelSpinLock
IoEnumerateDeviceObjectList
IoCreateStreamFileObjectLite
ExGetSharedWaiterCount
ZwUnloadDriver

Exports

Exports

?HideClass@@YGPAEPAFIH]A
?GetTimeW@@YGPAK_NPAFPAE]A

Sections

.text
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbg
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02ef1047b311e950562876194c85b019

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 43KB

.dbg Size: 512B - Virtual size: 94B

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 29KB - Virtual size: 43KB

.dbg
Size: 512B - Virtual size: 94B

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 688B