f0872e3d392fbc0ecaa184cc447211570f35cdf79b1d0b00c323a82796f12596

General

Target

f0872e3d392fbc0ecaa184cc447211570f35cdf79b1d0b00c323a82796f12596
Size

73KB
MD5

30942d806f1585d331e215ccfecfd4bd
SHA1

2dc539e2fc72e9d73202cc128e7b3dfb9dd74126
SHA256

f0872e3d392fbc0ecaa184cc447211570f35cdf79b1d0b00c323a82796f12596
SHA512

a12bc74c32dc421827cd52ce09aea1474d1e8aaa0c15871f7b27153f2aacc7d5f7401eabaa4481266041be6ecabe883d9dcd2ecaa977dc751d001328afe3576e
SSDEEP

1536:v3TJJUa9Vxivjchof9zPUxWVnqUvdGKc+UWmID4a91hhK:vDLUuzibchoDlGKc+UBId91hhK

Score

N/A

Malware Config

Signatures

Files

f0872e3d392fbc0ecaa184cc447211570f35cdf79b1d0b00c323a82796f12596
.exe windows x86

217390764001b49c29b9d25354daeeda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapViewInSessionSpace
MmLockPagableDataSection
RtlIntegerToChar
RtlInitString
NtGlobalFlag
MmLockPagableSectionByHandle
RtlImageNtHeader
IoGetBootDiskInformation
ExFreePool
RtlCompareUnicodeString
memcpy
CcPurgeCacheSection
MmIsThisAnNtAsSystem
ExAllocatePool
wctomb
_strrev
IoReleaseVpbSpinLock
IoRegisterPlugPlayNotification
CcMdlReadComplete
ZwOpenFile
ZwCreateSection
RtlAnsiStringToUnicodeString
RtlCopyLuid
RtlFreeUnicodeString
KeSetEventBoostPriority
CcInitializeCacheMap
ZwMapViewOfSection
FsRtlNormalizeNtstatus
NtSetEaFile
FsRtlAllocateFileLock

hal

HalProcessorIdle
HalRequestIpi
HalAcquireDisplayOwnership
HalAssignSlotResources
KeReleaseSpinLock
HalReportResourceUsage
HalSetRealTimeClock
HalInitSystem

Exports

Exports

Gnnshe
JcOcykxJzkplfIzle

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

217390764001b49c29b9d25354daeeda

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 30KB - Virtual size: 94KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 30KB - Virtual size: 94KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 56B