c856388d08adfe086878de4503d77ddd28ffc75a1e1d64eff67b240ead30696a

General

Target

c856388d08adfe086878de4503d77ddd28ffc75a1e1d64eff67b240ead30696a
Size

42KB
MD5

2a3f6b781c83f03d6940c84d7810b900
SHA1

a771bbc261dab54d41aaaf272e80047372b02316
SHA256

c856388d08adfe086878de4503d77ddd28ffc75a1e1d64eff67b240ead30696a
SHA512

97cbbe3a0700d8f7751fe01d6002783ab17f762e55e5e0f43cd4d4ff0470f21c5b73783b9afa7b1dfcd892972150c78c7679ef3c9df3a42a6cf7c1cb69e5a1bc
SSDEEP

768:738AYxsPIvbEwGAkg7qpbyMfMHyCozmP43kDteX0sH7lC9eHrRpE7ElbZTfp:oAtQDEwG6OQn4deteX0uB0urRpPl5

Score

N/A

Malware Config

Signatures

Files

c856388d08adfe086878de4503d77ddd28ffc75a1e1d64eff67b240ead30696a
.dll windows x86

15806d78447438ce129a9faa88fb7c30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmResetDriverPaging
MmUnlockPagableImageSection
MmPageEntireDriver
MmCreateMdl
MmLockPagableDataSection
VerSetConditionMask
MmMapVideoDisplay
RtlSetDaclSecurityDescriptor
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
RtlFreeUnicodeString
ZwSetEvent
KeGetCurrentThread
_vsnwprintf
ZwDuplicateObject
RtlFreeAnsiString
RtlCopyString
_wcsrev
RtlCompareMemory
RtlEqualString
strrchr
KeTickCount
wcsspn
ZwQueryInformationFile
DbgPrintEx
ZwEnumerateKey
RtlInitializeGenericTable
memset

Exports

Exports

__NtQueryInformationFile@4
__NtQueryQuotaInformationFile@0
__NtQueryVolumeInformationFile@4

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ex_dat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15806d78447438ce129a9faa88fb7c30

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ex_dat Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 356B

PAGE Size: 21KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 444B

.text
Size: 3KB - Virtual size: 2KB

.ex_dat
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 356B

PAGE
Size: 21KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 444B