d48f499cce9b15371d173d5298bcb22d2f7318fed6ad3cf9cc8f68bd14fe145a

Sharing

Copy URL Twitter E-mail

General

Target

d48f499cce9b15371d173d5298bcb22d2f7318fed6ad3cf9cc8f68bd14fe145a
Size

23KB
MD5

4de8d91d7ef48ca70a4ab436b7fd794d
SHA1

464e0b5d71fff2dacbd290d63df5687e5d8ef097
SHA256

d48f499cce9b15371d173d5298bcb22d2f7318fed6ad3cf9cc8f68bd14fe145a
SHA512

92d6e94fe79f53f5df93bdee862e86d15649fd71102aac2659cb8a826cd89969e3a20e660752d6c556112e83e9d09d9686283ac13f2ab6208a0e475fb58bbabf
SSDEEP

384:FnJKco9PkWZLs4vmqeOUOAIZcHV1Hd63+r7WN079kAD:NJYsELlvxGXs0Jv

Score

N/A

Malware Config

Signatures

Files

d48f499cce9b15371d173d5298bcb22d2f7318fed6ad3cf9cc8f68bd14fe145a
.exe windows x86

1bad0341bdb9268d5155c7a3ebb131c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
strncmp
strlen
IoGetCurrentProcess
ZwClose
ZwFlushKey
ZwSetValueKey
ExFreePool
ZwQueryValueKey
memset
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
wcslen
wcscmp
wcscpy
ZwCreateFile
IoRegisterDriverReinitialization
PsSetLoadImageNotifyRoutine
IoRegisterShutdownNotification
IoCreateDevice
KeDetachProcess
memcpy
ProbeForWrite
RtlCompareMemory
KeAttachProcess
_stricmp
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
MmIsAddressValid
_except_handler3
IoCreateFile
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
KeGetCurrentThread
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IoDetachDevice
IoDeleteDevice
IoDeleteSymbolicLink
strrchr
ObReferenceObjectByName
IoDriverObjectType
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
InterlockedExchange
strcmp
RtlFreeAnsiString
strstr
_strlwr
RtlUnicodeStringToAnsiString
ZwReadFile
ZwQueryInformationFile
KeServiceDescriptorTable
ZwQuerySystemInformation
ProbeForRead

hal

KeGetCurrentIrql

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bad0341bdb9268d5155c7a3ebb131c2

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 45KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 45KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 2KB - Virtual size: 1KB