bf87cfd0a52cb8511c76bbc16f1762f3cf5b01bb96367efb89da203e264520c2

General

Target

bf87cfd0a52cb8511c76bbc16f1762f3cf5b01bb96367efb89da203e264520c2
Size

15KB
MD5

c2823193b3de4160bbcfee71e6043d79
SHA1

a299755c0f8186562336f91dc250f3e26a56b31a
SHA256

bf87cfd0a52cb8511c76bbc16f1762f3cf5b01bb96367efb89da203e264520c2
SHA512

b7b52b06f3d04c337a52d114eb9903f9efbd9780a1999fc468dc3d40ef0c1fc8012a807b105bd65ad45f6826247b8c1f02d4341eb39c0d35520ce23f5282638b
SSDEEP

192:q+9svQ7BrPVnN0ujlzEiIXiM2+KO2XX8owLTBUZWIp:q+RNl68JEiIXN2+KX8owLTBUj

Score

N/A

Malware Config

Signatures

Files

bf87cfd0a52cb8511c76bbc16f1762f3cf5b01bb96367efb89da203e264520c2
.exe windows x86

ac0bd45f276d8439e6564c779ed4ab11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
PsTerminateSystemThread
ExFreePool
RtlFreeAnsiString
_strlwr
RtlUnicodeStringToAnsiString
ExAllocatePoolWithTag
ZwQuerySystemInformation
strncmp
IoGetCurrentProcess
IofCompleteRequest
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
ZwQueryInformationProcess
PsGetCurrentProcessId
_stricmp
_strupr
strrchr
ZwPulseEvent
MmGetSystemRoutineAddress
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac0bd45f276d8439e6564c779ed4ab11

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 288B - Virtual size: 280B

.data Size: 9KB - Virtual size: 9KB

INIT Size: 960B - Virtual size: 946B

.reloc Size: 384B - Virtual size: 360B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 288B - Virtual size: 280B

.data
Size: 9KB - Virtual size: 9KB

INIT
Size: 960B - Virtual size: 946B

.reloc
Size: 384B - Virtual size: 360B