cd5978be06ffae03409e3a259351ae38921a2ec592d2f9281e8164b895e12bd2

Sharing

Copy URL Twitter E-mail

General

Target

cd5978be06ffae03409e3a259351ae38921a2ec592d2f9281e8164b895e12bd2
Size

32KB
MD5

f08e97cdbc93dee0ec2bbca0246dc409
SHA1

1a8c1d44219fa6ac322f45c4d325dc7f5230f47a
SHA256

cd5978be06ffae03409e3a259351ae38921a2ec592d2f9281e8164b895e12bd2
SHA512

63cb99cb26444f7301858bbf0d3f31062f4f634f3280d47e4ee38a7c85f0cebbe6ed5d366db2fec3c646762e6084511cc86db44bddf7e04db32c74cbeeb7eb3c
SSDEEP

768:xT6nhZkvVrQ8c4/zHY/ZfNshsFWeLaKBHbhZ/aw4AQqnDf:N6sQ87/+lGKjQqD

Score

N/A

Malware Config

Signatures

Files

cd5978be06ffae03409e3a259351ae38921a2ec592d2f9281e8164b895e12bd2
.dll windows x86

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAddVerifierThunks
MmAllocateMappingAddress
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwFsControlFile
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlIntegerToUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
_strupr
wcsncat
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
MmUnmapViewInSessionSpace

Exports

Exports

__ZwAllocateVirtualMemory@4
__ZwFreeVirtualMemory@8
__ZwWaitForSingleObject@4

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.excode
Size: 512B - Virtual size: 347B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.excode Size: 512B - Virtual size: 347B

.rdata Size: 1024B - Virtual size: 580B

.pdata Size: 16KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 162B

INIT Size: 1024B - Virtual size: 882B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 362B

.text
Size: 5KB - Virtual size: 4KB

.excode
Size: 512B - Virtual size: 347B

.rdata
Size: 1024B - Virtual size: 580B

.pdata
Size: 16KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 162B

INIT
Size: 1024B - Virtual size: 882B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 362B