c381eabb97c1e1dd3aa69378753d005f5cf894ddf15d8537e715b3748c94297b

General

Target

c381eabb97c1e1dd3aa69378753d005f5cf894ddf15d8537e715b3748c94297b
Size

22KB
MD5

a17d16dbf92ca12d2ade5caaf8f488f3
SHA1

cf7e739105e29cb7a7eeb260ad6ead34a9a01607
SHA256

c381eabb97c1e1dd3aa69378753d005f5cf894ddf15d8537e715b3748c94297b
SHA512

c116eb0b001c0e29708f39d46c9c8526940b436487ea70df11f1ba8c25ffb2f42fc5d26cd2a602de696990219f849cec68d13fe620d43843510e59ab23f0ce08
SSDEEP

384:cA5a8jlB3B8Y+HS9OuQvjLRep6lRcIbYLKq+j+mgmIkpJnXKU2YoT:cyFjR8PHcOT7Ve+RbbqwwPkpJnXKU2YC

Score

N/A

Malware Config

Signatures

Files

c381eabb97c1e1dd3aa69378753d005f5cf894ddf15d8537e715b3748c94297b
.exe windows x86

1334c03f485e4b9d88a8ece9142c9b9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlCopyWrite
CcSetLogHandleForFile
ZwDeleteValueKey
ExFreePool
wcsncmp
mbtowc
ExInitializePagedLookasideList
CcPrepareMdlWrite
FsRtlUninitializeLargeMcb
ExAllocatePool
ExInterlockedAddLargeInteger
KefReleaseSpinLockFromDpcLevel
PsGetVersion
RtlDeleteRange
ZwQueryDefaultLocale
ZwQueryInformationFile
KeIsExecutingDpc
ExInterlockedInsertTailList
_wcsicmp
KeReleaseMutex
KeAcquireSpinLockAtDpcLevel
DbgPrint
MmUnmapViewOfSection
NtSetQuotaInformationFile
RtlLookupElementGenericTableFull
IoAttachDeviceToDeviceStack

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.bac
Size: 512B - Virtual size: 260B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cab
Size: 512B - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1334c03f485e4b9d88a8ece9142c9b9c

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

ILIT Size: 1024B - Virtual size: 614B

.bac Size: 512B - Virtual size: 260B

.cab Size: 512B - Virtual size: 52B

.data Size: 512B - Virtual size: 340B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

ILIT
Size: 1024B - Virtual size: 614B

.bac
Size: 512B - Virtual size: 260B

.cab
Size: 512B - Virtual size: 52B

.data
Size: 512B - Virtual size: 340B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 24B