a8ddafde73ddd44d254aba76c82b1b971c53bb78b175eed35af7a847b6099ff1

General

Target

a8ddafde73ddd44d254aba76c82b1b971c53bb78b175eed35af7a847b6099ff1
Size

19KB
MD5

4a18d92ae65bd04595d1444788b50bf6
SHA1

939b77ff1fd4a507505a56384be7ee6bca6c772c
SHA256

a8ddafde73ddd44d254aba76c82b1b971c53bb78b175eed35af7a847b6099ff1
SHA512

64fe3bd3d9184151045360d5c07e461831e532337239ff35cc0da75dc8d370d2afbf4b89f9a20b7575612928dd9175479d7608a45a509e05d9839aa39b04c01d
SSDEEP

384:Me2zr4g0w9o7nopkAyw8qKYnMognqdFA7JAaPr610GuSFcg:dy1jxAT2Momq30Y9uC

Score

N/A

Malware Config

Signatures

Files

a8ddafde73ddd44d254aba76c82b1b971c53bb78b175eed35af7a847b6099ff1
.exe windows x86

74f59ecd77e23ba9b9961467b5bf75c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExInitializeRundownProtection
RtlImageNtHeader
RtlFindLongestRunClear
PsRestoreImpersonation
strcmp
CcRemapBcb
FsRtlInitializeMcb
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
IoReportResourceForDetection
CcGetDirtyPages
FsRtlNotifyFilterChangeDirectory
CcPurgeCacheSection
KeInsertQueueDpc
MmIsAddressValid
FsRtlIsNtstatusExpected
NtDuplicateObject
RtlInt64ToUnicodeString
NtAllocateUuids
ExFreePoolWithTag
READ_REGISTER_BUFFER_ULONG
ZwCreateFile
RtlReserveChunk
FsRtlLookupLastLargeMcbEntry
ZwDisplayString
ZwQueryInformationProcess
KeStackAttachProcess
DbgPrint
IoWritePartitionTableEx
KdDebuggerEnabled
ExAllocatePool
strchr

Exports

Exports

WoyCnwaIhmpk
OgsweglTguefMoyqm
FyeilcVfiuevsZkidrv

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74f59ecd77e23ba9b9961467b5bf75c8

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 884B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 80B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 884B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 80B