bbecc79cfda359b683a9ee80e3846f4622cd2616c474864309eec01296fcaa4d

Sharing

Copy URL Twitter E-mail

General

Target

bbecc79cfda359b683a9ee80e3846f4622cd2616c474864309eec01296fcaa4d
Size

56KB
MD5

49b179953910b2288d39523a2712c950
SHA1

7461ce00d37a8b7bdfdc170ca06e03f1cf602302
SHA256

bbecc79cfda359b683a9ee80e3846f4622cd2616c474864309eec01296fcaa4d
SHA512

a1c85776b0030324c3ce584555dfb8ae8443dfa8e802d3d1c6727e10165612941202b3c694cb50b5d775ec5848f33b5acfeee6c964e7e349634d34ab0969732a
SSDEEP

768:6q4gyT8kYQLo4BE475J1c7avFOlbCYRIIBgc++FdPlL48JVAk7bqMt:z4g68kYQr75JnO7AUb/6

Score

N/A

Malware Config

Signatures

Files

bbecc79cfda359b683a9ee80e3846f4622cd2616c474864309eec01296fcaa4d
.dll windows x86

8a10a0bf6235fd39902a6103275ab1aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareUnicodeString
RtlValidSecurityDescriptor
ExAllocatePoolWithQuota
FsRtlGetNextFileLock
PsImpersonateClient
IoCheckEaBufferValidity
IoSetDeviceToVerify
RtlCreateSecurityDescriptor
PsReturnPoolQuota
IoWriteErrorLogEntry
RtlInitializeGenericTable
IoQueryDeviceDescription
ZwOpenSection
KeSetSystemAffinityThread
RtlFindNextForwardRunClear
RtlClearBits
RtlDeleteRegistryValue
IoGetRelatedDeviceObject
MmHighestUserAddress
MmAllocateMappingAddress
RtlWriteRegistryValue
PsRevertToSelf
KeSetTimer
ExNotifyCallback
IoReportResourceForDetection
IoDeviceObjectType
CcFastMdlReadWait
ExGetExclusiveWaiterCount
ZwOpenSymbolicLinkObject
IoSetPartitionInformation
RtlUnicodeStringToAnsiString
CcGetFileObjectFromBcb
IoGetDeviceInterfaces
IoGetCurrentProcess
RtlAddAccessAllowedAce
ZwQueryValueKey
MmFreeMappingAddress
ObInsertObject
KeInitializeSemaphore
IoIsWdmVersionAvailable
KeSetBasePriorityThread
ZwEnumerateKey
CcUninitializeCacheMap
PsGetCurrentProcessId
CcMdlRead
ObfDereferenceObject
IoSetTopLevelIrp
ZwFlushKey
ZwNotifyChangeKey
ZwQueryVolumeInformationFile
IoFreeIrp
RtlCompareMemory
MmAddVerifierThunks
ExFreePool
IoRaiseHardError
KeQuerySystemTime
RtlAreBitsClear
IoGetStackLimits
KeRemoveEntryDeviceQueue
KeSetEvent
CcFastCopyWrite
ExDeleteNPagedLookasideList
CcMapData
CcCopyRead
PsTerminateSystemThread
MmMapLockedPages
IoAllocateController
IoSetStartIoAttributes
IoGetDeviceObjectPointer
SeDeassignSecurity
KeGetCurrentThread
KeStackAttachProcess
RtlInt64ToUnicodeString
MmUnlockPages
CcSetBcbOwnerPointer
ExGetPreviousMode

Exports

Exports

?DecrementMutexOld@@YGXDPAKD<V
?IncrementObjectOld@@YGXDPA_N<V
?HideDialogNew@@YGPANFG<V
?InsertDialog@@YGEPAEPAE<V
?GenerateStringOld@@YGJN<V
?OnListEx@@YGPAXKE<V

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a10a0bf6235fd39902a6103275ab1aa

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 30KB

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 30KB

.reloc
Size: 1024B - Virtual size: 844B