c136d59ab97decaf59b867ccccc4a1e6e110731c99cff186c55fccc0dab18e93

General

Target

c136d59ab97decaf59b867ccccc4a1e6e110731c99cff186c55fccc0dab18e93
Size

183KB
MD5

a024009887b9b5cc70adb4216d8d2310
SHA1

3d23b08ca76fd804863d227f8df9c43baf11aabb
SHA256

c136d59ab97decaf59b867ccccc4a1e6e110731c99cff186c55fccc0dab18e93
SHA512

b5bb53e6a396d25a571b3adfb8212c444eb7ae39898ceeafa68f4ce60b85ecbaa189ceada4b9b0b48bf24b277afa6aab26627d21b92fb805b626dfeb1fb205b9
SSDEEP

3072:H/MwmlorQr1ADeTfuOTTzC5U8MzO9JiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdJ:HRbrQr1DTf7WrMaTiU+dOgaq9lz7VdPT

Score

N/A

Malware Config

Signatures

Files

c136d59ab97decaf59b867ccccc4a1e6e110731c99cff186c55fccc0dab18e93
.dll windows x86

59a6f80bdb873b2bb97a283a2884e7a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoInitializeTimer
ExUnregisterCallback
CcUnpinRepinnedBcb
KeQueryActiveProcessors
ExReleaseFastMutexUnsafe
ExFreePoolWithTag
KeLeaveCriticalRegion
IoRegisterDeviceInterface
VerSetConditionMask
IoBuildPartialMdl
RtlSetDaclSecurityDescriptor
strstr
IoRegisterFileSystem
IoFreeWorkItem
IoCreateFile
IoRemoveShareAccess
RtlTimeFieldsToTime
KeQueryInterruptTime
FsRtlIsNameInExpression
IoAllocateErrorLogEntry
PoSetPowerState
MmSizeOfMdl
IoStopTimer
RtlGUIDFromString
ZwEnumerateValueKey
ExSetResourceOwnerPointer
MmProbeAndLockPages
MmIsThisAnNtAsSystem
READ_REGISTER_BUFFER_USHORT
RtlUnicodeStringToInteger
KdDisableDebugger
CcPinMappedData
FsRtlIsNtstatusExpected
ZwOpenKey
RtlDelete
ExAllocatePool
KeRestoreFloatingPointState
vsprintf
WRITE_REGISTER_BUFFER_UCHAR
RtlCreateAcl
SeAccessCheck
RtlInitUnicodeString
RtlIntegerToUnicodeString
ExGetPreviousMode
ProbeForWrite
CcRepinBcb
IoInvalidateDeviceRelations
CcSetDirtyPinnedData
FsRtlUninitializeLargeMcb
IoFreeErrorLogEntry
IoCancelIrp
strncpy
WRITE_REGISTER_BUFFER_ULONG
IoStartNextPacket
READ_REGISTER_BUFFER_UCHAR
READ_REGISTER_UCHAR
IoGetTopLevelIrp
IoCreateDevice
RtlGenerate8dot3Name
FsRtlNotifyInitializeSync
FsRtlAllocateFileLock
IoStartPacket
KeInitializeTimer
IoVolumeDeviceToDosName
KeGetCurrentThread
ExAcquireResourceSharedLite
ExRaiseDatatypeMisalignment
SeUnlockSubjectContext
RtlDeleteRegistryValue
ExRaiseAccessViolation
IoIsOperationSynchronous
PsCreateSystemThread

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tirg
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a6f80bdb873b2bb97a283a2884e7a9

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 12KB - Virtual size: 12KB

.tirg Size: 11KB - Virtual size: 10KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 12KB - Virtual size: 12KB

.tirg
Size: 11KB - Virtual size: 10KB