ae03f36310c45959576ab8511843efd23dd94792e3f8370235b26dfdfe8ea238

Sharing

Copy URL Twitter E-mail

General

Target

ae03f36310c45959576ab8511843efd23dd94792e3f8370235b26dfdfe8ea238
Size

823KB
MD5

0555e9b013663a1dae392a89a3d32045
SHA1

4af44a3e85ea6f1061f455444d3fa39c35a0dcd6
SHA256

ae03f36310c45959576ab8511843efd23dd94792e3f8370235b26dfdfe8ea238
SHA512

3f0823ddfe7fcb7b44575ccb8df4a0903deb90dda61d01063f4e20f90fcdad022b4bd30f41b7952b323460f99c0655d31b737130e6c37ab5e98d5efee30c04e3
SSDEEP

24576:xWyCOCNQ/WptFdd7vi3kd1ZXb2eP+v3oO:xWyCOatFdJyk5qUaYO

Score

N/A

Malware Config

Signatures

Files

ae03f36310c45959576ab8511843efd23dd94792e3f8370235b26dfdfe8ea238
.exe windows x86

2b28bcc94f1979b2e65fc2cbcbdd85d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
sprintf
ZwQuerySystemInformation
ExFreePoolWithTag
ExAllocateFromPagedLookasideList
ZwOpenProcessToken
RtlUnicodeStringToAnsiSize
IoDeleteDevice
MmGetSystemRoutineAddress
FsRtlNotifyFullReportChange
Exi386InterlockedIncrementLong
FsRtlGetNextMcbEntry
IoGetBootDiskInformation
RtlLargeIntegerNegate
NtConnectPort
MmFreePagesFromMdl
NtSetEvent
FsRtlAllocateFileLock
NtOpenProcess
FsRtlNumberOfRunsInMcb
ObReferenceObjectByName
IoRemoveShareAccess
ObCheckObjectAccess
MmProbeAndLockPages
PfxInsertPrefix
RtlAddRange
InterlockedExchange
FsRtlInitializeLargeMcb
RtlFreeOemString
wcsstr
atoi
RtlGetOwnerSecurityDescriptor
PsSetLoadImageNotifyRoutine
ZwOpenProcess
KeInsertByKeyDeviceQueue
MmUnlockPagableImageSection
IoStatisticsLock
RtlUpcaseUnicodeToCustomCPN
KdDebuggerEnabled
PoRequestPowerIrp
ZwClose
IoCreateDevice
RtlAreBitsClear
RtlInitializeGenericTable
MmUnmapLockedPages
InterlockedIncrement
CcRepinBcb
RtlSetTimeZoneInformation
FsRtlRemoveLargeMcbEntry
IoReportTargetDeviceChange
ZwQueryVolumeInformationFile
RtlNtStatusToDosError
WRITE_REGISTER_BUFFER_UCHAR
KeSetAffinityThread
FsRtlPostPagingFileStackOverflow
RtlSetAllBits
RtlNumberGenericTableElements
ZwCreateSymbolicLinkObject
PoRegisterSystemState
IoDisconnectInterrupt
IoGetRequestorProcessId
ExIsResourceAcquiredExclusiveLite
RtlUpcaseUnicodeStringToCountedOemString
KeQueryInterruptTime
IoCheckFunctionAccess
strcat
KeRegisterBugCheckCallback
ExInitializePagedLookasideList
IoSetDeviceToVerify
LpcPortObjectType
RtlAnsiStringToUnicodeString
KiCoprocessorError
wcscmp
Ke386QueryIoAccessMap
IoReuseIrp
ZwCreateEvent
SeRegisterLogonSessionTerminatedRoutine
IoOpenDeviceInterfaceRegistryKey
ZwSetInformationProcess
IoReleaseRemoveLockAndWaitEx
ObReleaseObjectSecurity
ZwCloseObjectAuditAlarm
IoRegisterDeviceInterface
PsSetProcessPriorityByClass
IoCreateSymbolicLink
IoGetDeviceInterfaceAlias
SeMarkLogonSessionForTerminationNotification
Ke386IoSetAccessProcess
KePulseEvent
SeAppendPrivileges
RtlxUnicodeStringToAnsiSize
FsRtlMdlWriteCompleteDev
FsRtlLookupLargeMcbEntry
ExInterlockedRemoveHeadList
FsRtlPrivateLock
NtQueryDirectoryFile
RtlLookupElementGenericTable
FsRtlNotifyInitializeSync
IoSetFileOrigin
NtSetInformationFile

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b28bcc94f1979b2e65fc2cbcbdd85d8

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 385KB - Virtual size: 384KB

.rdata Size: 512B - Virtual size: 430B

.data Size: 15KB - Virtual size: 23KB

INIT Size: 3KB - Virtual size: 2KB

.reloc Size: 419KB - Virtual size: 418KB

.text
Size: 385KB - Virtual size: 384KB

.rdata
Size: 512B - Virtual size: 430B

.data
Size: 15KB - Virtual size: 23KB

INIT
Size: 3KB - Virtual size: 2KB

.reloc
Size: 419KB - Virtual size: 418KB