2b8a848e735b5780e5c6f7e7367ed80f4f62b21c8c052e1b8f1160f8b4f20d05

Sharing

Copy URL Twitter E-mail

General

Target

2b8a848e735b5780e5c6f7e7367ed80f4f62b21c8c052e1b8f1160f8b4f20d05
Size

331KB
MD5

9c5d83974e7b89d821e4a3850cbaa650
SHA1

3404f329b2c5173ce308fe8071933f80bdd03451
SHA256

2b8a848e735b5780e5c6f7e7367ed80f4f62b21c8c052e1b8f1160f8b4f20d05
SHA512

e433ab8879a61a80e3211946f1f40d6b5c9db11c59ef8920001aed1f6e0811af918832f58864123b64e0f4f1dd23501a1628ced23d15d42c833c5d3566582f7f
SSDEEP

6144:PQVpKOGBGWJBt/izBERetjG8lAcEpfCKbkH1r1N+6KC9MzVZ6HajGFRtQxdWihhk:PQVDGGWJvazHtK8lAFfCv1N+6+V4Hajs

Score

N/A

Malware Config

Signatures

Files

2b8a848e735b5780e5c6f7e7367ed80f4f62b21c8c052e1b8f1160f8b4f20d05
.dll windows x86

2d2969258a3ded08614fbaa7aa5a3612

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlxOemStringToUnicodeSize
KeInitializeDeviceQueue
RtlUpcaseUnicodeToOemN
SeUnlockSubjectContext
KeSynchronizeExecution
IoUpdateShareAccess
RtlxAnsiStringToUnicodeSize
MmBuildMdlForNonPagedPool
RtlCopyLuid
ZwNotifyChangeKey
IoWritePartitionTableEx
ZwReadFile
IoWriteErrorLogEntry
RtlMultiByteToUnicodeN
CcRemapBcb
RtlFindSetBits
IoWMIWriteEvent
RtlCopyString
PoSetSystemState
RtlGenerate8dot3Name
PoUnregisterSystemState
IoRegisterDeviceInterface
MmAdvanceMdl
RtlNumberOfClearBits
IoDeviceObjectType
PsLookupThreadByThreadId
KeQueryInterruptTime
PsImpersonateClient
KeInsertHeadQueue
RtlClearAllBits
IoReleaseRemoveLockAndWaitEx
KdDisableDebugger
KeReleaseMutex
KeGetCurrentThread
IoCreateDisk
KeSetSystemAffinityThread
KeSetImportanceDpc
RtlEqualString
ExUuidCreate
RtlAreBitsSet
KeSetBasePriorityThread
IoGetCurrentProcess
IoAllocateIrp
PsReturnPoolQuota
ExQueueWorkItem
FsRtlMdlWriteCompleteDev
CcMdlWriteComplete
ExAllocatePoolWithQuota
MmMapUserAddressesToPage
ZwOpenSymbolicLinkObject
ExDeleteNPagedLookasideList
ZwDeviceIoControlFile
CcSetDirtyPinnedData
IoSetTopLevelIrp
ZwEnumerateKey
IoGetDmaAdapter
ZwOpenFile
KeSaveFloatingPointState
RtlCopyUnicodeString
SeQueryInformationToken
SeAccessCheck
CcPreparePinWrite
FsRtlLookupLastLargeMcbEntry
IoFreeWorkItem
KeInitializeSemaphore
MmIsVerifierEnabled
ZwCreateEvent
ProbeForRead
IoFreeController
ZwQueryKey
RtlMapGenericMask
RtlInitString
PsGetThreadProcessId
IoGetDeviceInterfaces
CcUninitializeCacheMap
RtlFindNextForwardRunClear
RtlUpperChar
KeSetTargetProcessorDpc
RtlFindClearBits
RtlDeleteRegistryValue
RtlAddAccessAllowedAce
ExGetSharedWaiterCount
IoSetSystemPartition
ExDeleteResourceLite
FsRtlSplitLargeMcb
IoSetPartitionInformationEx
IoAllocateErrorLogEntry
RtlUnicodeToMultiByteN
ObCreateObject
FsRtlIsDbcsInExpression
KeInitializeApc
IoEnumerateDeviceObjectList
IoReleaseRemoveLockEx
ExRaiseAccessViolation
ExRegisterCallback
CcSetFileSizes
PoRequestPowerIrp
RtlVolumeDeviceToDosName
MmGetSystemRoutineAddress
MmIsAddressValid
MmHighestUserAddress
KeFlushQueuedDpcs
IoAcquireCancelSpinLock
KeInitializeMutex
CcPinRead
DbgBreakPointWithStatus
RtlGUIDFromString
ZwWriteFile
KdEnableDebugger
FsRtlCheckLockForReadAccess
CcFastCopyWrite
IoSetPartitionInformation
CcCopyRead
KeInsertDeviceQueue
IoGetRequestorProcess
SeLockSubjectContext
KeReadStateMutex
IoCreateSynchronizationEvent
KeQueryTimeIncrement
RtlVerifyVersionInfo
IoStartPacket
SeFreePrivileges
KeUnstackDetachProcess
ExVerifySuite
PsGetCurrentProcessId
CcSetBcbOwnerPointer
ExAllocatePoolWithTag
ZwCreateDirectoryObject
ExFreePoolWithTag
KeEnterCriticalRegion
ExReleaseFastMutexUnsafe
KeBugCheckEx
FsRtlNotifyUninitializeSync
IoCheckQuotaBufferValidity
CcFastCopyRead
IoReadPartitionTable
RtlSubAuthoritySid
ObfDereferenceObject
ExIsProcessorFeaturePresent
IoGetDeviceToVerify
IoVerifyVolume
KeBugCheck
IoReleaseCancelSpinLock
IoDisconnectInterrupt
FsRtlDeregisterUncProvider
CcSetReadAheadGranularity
RtlInitUnicodeString
IoIsSystemThread
IofCallDriver
IoGetDeviceAttachmentBaseRef
FsRtlCheckOplock
CcRepinBcb
DbgPrompt
KeSetEvent
CcFastMdlReadWait
RtlCreateRegistryKey
RtlFindLongestRunClear
PsGetCurrentProcess
IoReleaseVpbSpinLock
IoStartTimer
MmMapLockedPages
KeRemoveEntryDeviceQueue
IoCreateStreamFileObjectLite
RtlInitializeUnicodePrefix
CcMdlRead
IoStopTimer
CcDeferWrite
PoRegisterSystemState
RtlInt64ToUnicodeString
KeRevertToUserAffinityThread
ZwOpenKey
ObGetObjectSecurity
ZwDeleteKey
SeSetSecurityDescriptorInfo
ZwPowerInformation
IoInitializeTimer
CcMapData
IofCompleteRequest
FsRtlIsTotalDeviceFailure
KeReleaseSemaphore
PsChargeProcessPoolQuota
IoReadDiskSignature
MmForceSectionClosed
FsRtlGetNextFileLock
KeInitializeTimer
IoGetBootDiskInformation
PsReferencePrimaryToken
RtlInitializeGenericTable
ExGetExclusiveWaiterCount
PsTerminateSystemThread
MmPageEntireDriver
SeAssignSecurity
IoSetShareAccess
RtlAddAccessAllowedAceEx
MmSizeOfMdl
KeQuerySystemTime
IoVerifyPartitionTable
RtlEqualSid
ZwFsControlFile
KePulseEvent
RtlWriteRegistryValue
RtlIsNameLegalDOS8Dot3
RtlValidSid
ObMakeTemporaryObject
ZwMapViewOfSection
HalExamineMBR
RtlLengthSid
ObQueryNameString
RtlFindLastBackwardRunClear
CcPinMappedData
SeDeassignSecurity
IoGetStackLimits
RtlHashUnicodeString
PsGetVersion
IoCreateDevice
RtlAnsiCharToUnicodeChar
CcInitializeCacheMap
MmFreeMappingAddress
RtlDowncaseUnicodeString
FsRtlAllocateFileLock
RtlInitializeBitMap
IoBuildSynchronousFsdRequest
RtlSetDaclSecurityDescriptor
IoCancelIrp
CcIsThereDirtyData
IoGetDeviceInterfaceAlias
RtlValidSecurityDescriptor
SeOpenObjectAuditAlarm
RtlSetBits
RtlFindClearRuns
KeDeregisterBugCheckCallback
IoGetTopLevelIrp
KeSetKernelStackSwapEnable
MmIsThisAnNtAsSystem
IoDeleteDevice
IoGetDiskDeviceObject
PoCallDriver
IoMakeAssociatedIrp
IoSetDeviceInterfaceState
ZwSetVolumeInformationFile
ExUnregisterCallback
CcUnpinRepinnedBcb
IoIsWdmVersionAvailable
MmMapIoSpace
MmCanFileBeTruncated
ExCreateCallback
IoGetLowerDeviceObject
ZwQuerySymbolicLinkObject
IoRemoveShareAccess
RtlCreateSecurityDescriptor
CcGetFileObjectFromBcb
RtlTimeToTimeFields

Exports

Exports

?CheckInit@@YG_KPAX@Z
?CloseInit@@YG_KPAX@Z
?FeatureMode1@@YG_KPAX@Z
?FeatureMode2@@YG_KPAX@Z
?FeatureMode3@@YG_KPAX@Z
?FeatureMode4@@YG_KPAX@Z
?FeatureMode@@YG_KPAX@Z
?MeasureWay@@YG_KPAX@Z

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.run
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.irun
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 512B - Virtual size: 331B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.emode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prun
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mode
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d2969258a3ded08614fbaa7aa5a3612

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.run Size: 1024B - Virtual size: 1012B

.irun Size: 7KB - Virtual size: 6KB

.debug Size: 512B - Virtual size: 331B

.emode Size: 512B - Virtual size: 64B

.imode Size: 512B - Virtual size: 64B

.prun Size: 11KB - Virtual size: 11KB

.data Size: 20KB - Virtual size: 26KB

.mode Size: 6KB - Virtual size: 6KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 512B - Virtual size: 412B

.text
Size: 4KB - Virtual size: 3KB

.run
Size: 1024B - Virtual size: 1012B

.irun
Size: 7KB - Virtual size: 6KB

.debug
Size: 512B - Virtual size: 331B

.emode
Size: 512B - Virtual size: 64B

.imode
Size: 512B - Virtual size: 64B

.prun
Size: 11KB - Virtual size: 11KB

.data
Size: 20KB - Virtual size: 26KB

.mode
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 512B - Virtual size: 412B