b163dc5482f10a06fb4e891ba5bcf3230f0fc1d8ba175faecf912870f16f7eef

General

Target

b163dc5482f10a06fb4e891ba5bcf3230f0fc1d8ba175faecf912870f16f7eef
Size

130KB
MD5

644e66ebd0b9c94c3787a4bcfb06c4ed
SHA1

2d58b2d952133b352e3a2c1258210e454789d643
SHA256

b163dc5482f10a06fb4e891ba5bcf3230f0fc1d8ba175faecf912870f16f7eef
SHA512

280be64b7958a63ebe250eeb976ecf9fc7defb6d4fef6b810c3c23e4f8c63b6ce69ad1d7814567f8f096453f6e2582b8349a3aaa2aa8035a7be54c9c7d2bbd45
SSDEEP

3072:ZvqsvrsdHqcCB3/NTP0UY26B54kLLu0FPIkX:ZvrvrAePNTPxY244kLLu0+k

Score

N/A

Malware Config

Signatures

Files

b163dc5482f10a06fb4e891ba5bcf3230f0fc1d8ba175faecf912870f16f7eef
.exe windows x86

a24c187baaba782392f01f7f218ac7b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeBugCheckEx
KeWaitForSingleObject
ExFreePoolWithTag
RtlCompareMemory
PoCallDriver
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
IoDetachDevice
IoAllocateIrp
ZwOpenKey
RtlQueryRegistryValues
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoAllocateMdl
KeInitializeTimer
IoFreeWorkItem
IoWMIRegistrationControl
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
PsCreateSystemThread
IoGetDeviceProperty
PsTerminateSystemThread
RtlInitAnsiString
IoAcquireRemoveLockEx
RtlUnicodeStringToAnsiString
ObfReferenceObject
IoReleaseRemoveLockEx
ZwCreateKey
KeQueryTimeIncrement
KeInitializeMutex
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
ZwQuerySystemInformation

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a24c187baaba782392f01f7f218ac7b4

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 512B - Virtual size: 164B

.data Size: 27KB - Virtual size: 26KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 1024B - Virtual size: 538B

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 512B - Virtual size: 164B

.data
Size: 27KB - Virtual size: 26KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 1024B - Virtual size: 538B