4dbd482ccfe87ebecf92892f307f44f2de90294fdb26f00b786b65cd7c54c147

Sharing

Copy URL Twitter E-mail

General

Target

4dbd482ccfe87ebecf92892f307f44f2de90294fdb26f00b786b65cd7c54c147
Size

42KB
MD5

9d7cb4ec07a472c5ea9fb3be8d040e90
SHA1

2bcce493eb44cd4750113b19ae8c652854d88582
SHA256

4dbd482ccfe87ebecf92892f307f44f2de90294fdb26f00b786b65cd7c54c147
SHA512

db981e0deac0a58a3fa7a3f73dc112cae629fffbce38b0f36c7dee5b67014cefe712e57632c740a566ea48fef5ae8e7340a0010d7e63967a79a3a70e358cd28c
SSDEEP

768:/KTy1k74Gxo6mnze7WXFviCEpX//EINdp2pBZkgTbW/2jA0XjYwMetDSv7ZL:/8EbGi66eeb+X//EIp2H+2jglv7

Score

N/A

Malware Config

Signatures

Files

4dbd482ccfe87ebecf92892f307f44f2de90294fdb26f00b786b65cd7c54c147
.dll windows x86

dba5f3505b48e585f5f170fea500717a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetValueKey
KeDelayExecutionThread
PsCreateSystemThread
ZwEnumerateValueKey
RtlInitUnicodeString
ZwQueryValueKey
ZwOpenKey
IofCompleteRequest
IoGetRequestorProcessId
RtlCopyUnicodeString
KeQuerySystemTime
wcsstr
InterlockedExchange
KeServiceDescriptorTable
ZwOpenFile
ZwCreateFile
KeSetEvent
KePulseEvent
IofCallDriver
wcslen
KeWaitForSingleObject
_except_handler3
PsGetCurrentProcessId
ObfDereferenceObject
IoCreateDevice
IoGetDeviceObjectPointer
IoCancelFileOpen
ZwDeleteValueKey
ObReferenceObjectByHandle
KeWaitForMultipleObjects
InterlockedCompareExchange
ExQueueWorkItem
IoAttachDeviceToDeviceStack
ObQueryNameString
ExFreePool
ExAllocatePoolWithTag
ObfReferenceObject
IoDeleteDevice
IoDetachDevice
IoRegisterFsRegistrationChange
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IoRegisterShutdownNotification
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
ExFreePoolWithTag
KeReleaseMutex
InterlockedDecrement
IoQueryFileInformation
RtlUpcaseUnicodeChar
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwCreateKey
ZwDeleteKey
DbgPrint
ZwClose
KeInitializeEvent
InterlockedIncrement
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFreeUnicodeString

hal

KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dba5f3505b48e585f5f170fea500717a

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 1024B - Virtual size: 40KB

PAGE Size: 9KB - Virtual size: 8KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 1024B - Virtual size: 40KB

PAGE
Size: 9KB - Virtual size: 8KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 2KB - Virtual size: 2KB