f7e9b22deece342cf1aba9ff2773f1baf96d4b7adc7f8890fed3ea360a0d39b8

General

Target

f7e9b22deece342cf1aba9ff2773f1baf96d4b7adc7f8890fed3ea360a0d39b8
Size

203KB
MD5

4c7fc966803617c4cecbb104beb247b0
SHA1

4c3d5599d93a40138209c8aba351c4a507ec6d7f
SHA256

f7e9b22deece342cf1aba9ff2773f1baf96d4b7adc7f8890fed3ea360a0d39b8
SHA512

f69182de9c89dce45dd81e64a52db42ee950f64cb6faed70f726d49d9147da17ac49c786afac7022e2c146e088c9c2119a2cf47d957962205f976c54c3d41cf1
SSDEEP

6144:gJCsMWvWjFo5KDj4mx6gCevWjFo5KDj4mx:gd8Fhkfgd8Fhk

Score

N/A

Malware Config

Signatures

Files

f7e9b22deece342cf1aba9ff2773f1baf96d4b7adc7f8890fed3ea360a0d39b8
.dll windows x86

9d6940455a5432728e1f04859d009351

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
ExAllocatePool
ExFreePoolWithTag
ZwClose
ZwSetSystemInformation
swprintf
RtlInitUnicodeString
IoCreateDriver
ObMakeTemporaryObject
ExUuidCreate
RtlStringFromGUID
sprintf
RtlFreeUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwCreateFile
ZwQueryInformationFile
KeQuerySystemTime
RtlTimeToTimeFields
ZwDeleteFile
ZwOpenFile
ZwReadFile
RtlIpv4StringToAddressExA
KeInsertQueue
KeRemoveQueue
KeRundownQueue
IoFreeIrp
KeInitializeQueue
ObfReferenceObject
PsCreateSystemThread
ObReferenceObjectByHandle
IoBuildDeviceIoControlRequest
IofCallDriver
ZwOpenSection
ZwMapViewOfSection
MmAllocatePagesForMdl
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmFreePagesFromMdl
ZwUnmapViewOfSection
RtlHashUnicodeString
ExAllocatePoolWithTag
PoStartNextPowerIrp
IofCompleteRequest
PoCallDriver
ObReferenceObjectByName
IoDriverObjectType
IoEnumerateDeviceObjectList
IoCreateDevice
ZwCreateSection
ZwFlushVirtualMemory
ZwOpenKey
ZwEnumerateKey
ZwDeleteKey
ZwQueryKey
IoQueueWorkItem
ZwLoadDriver
ZwQueryDirectoryFile
IoGetRelatedDeviceObject
IoDeleteDevice
RtlPrefixUnicodeString
wcsrchr
IoAllocateWorkItem
KeInitializeTimer
KeInitializeDpc
KeSetTimerEx
_allmul
_allshr
_aullrem
memset
memcpy

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 449B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 962B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d6940455a5432728e1f04859d009351

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 449B

.reloc Size: 1024B - Virtual size: 962B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 449B

.reloc
Size: 1024B - Virtual size: 962B