ba579b2ad8d95f3c7889f8f990e9d0ba4a6eec8b7179f855c04bb776865580a1

General

Target

ba579b2ad8d95f3c7889f8f990e9d0ba4a6eec8b7179f855c04bb776865580a1
Size

20KB
MD5

f8a783d8bed8964cfad7fd0e64cd36b0
SHA1

3b6154a3bb6c8e8cda6cbe5c21cc1daedfd1097d
SHA256

ba579b2ad8d95f3c7889f8f990e9d0ba4a6eec8b7179f855c04bb776865580a1
SHA512

ce58308a353c62574014e28986a451de2140ef9116046851a360a50c33eef330f1f62d8ca9c33b421fdfce79e4fe29d043587f52c28de1df77f073ea90486c6a
SSDEEP

384:deOyq0p9+JThNk5QLJgI9Lhj7LYOPNunW1WkW781gW:de3dWhiQNgCLhpEC1

Score

N/A

Malware Config

Signatures

Files

ba579b2ad8d95f3c7889f8f990e9d0ba4a6eec8b7179f855c04bb776865580a1
.exe windows x86

d7d82f916a1e3880c0704753df39a1a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
RtlFindLongestRunClear
CcGetFlushedValidData
ZwSetInformationFile
memcpy
ZwDisplayString
ExFreePoolWithTag
KeInsertQueueDpc
IoWritePartitionTableEx
FsRtlInitializeMcb
RtlReserveChunk
READ_REGISTER_BUFFER_ULONG
RtlInt64ToUnicodeString
ExInitializeRundownProtection
ZwCreateFile
RtlAppendUnicodeStringToString
FsRtlIsNtstatusExpected
strlen
DbgPrint
NtDuplicateObject
IoReportResourceForDetection
NtAllocateUuids
KdDebuggerEnabled
FsRtlNotifyFilterChangeDirectory
KeStackAttachProcess
RtlImageNtHeader
IoCreateSymbolicLink
ExAllocatePool
strcmp
CcGetDirtyPages
MmIsAddressValid
CcGetFileObjectFromSectionPtrs
PsRestoreImpersonation

Exports

Exports

IpizcfAcmvvdWqu
OsvFuvvGhbfDn
GfeKmpxvAbljKm

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d82f916a1e3880c0704753df39a1a2

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 914B

.reloc Size: 512B - Virtual size: 88B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 914B

.reloc
Size: 512B - Virtual size: 88B

.rsrc
Size: 3KB - Virtual size: 2KB