a856bf7c6c74136d039060b62c2fd88d3124621c7cdda77e66f98e3b2f261c13

General

Target

a856bf7c6c74136d039060b62c2fd88d3124621c7cdda77e66f98e3b2f261c13
Size

20KB
MD5

10b2ff5981d117c07ad423497670856f
SHA1

4388bd93dc002176e0624c5890fd85bec528a5fc
SHA256

a856bf7c6c74136d039060b62c2fd88d3124621c7cdda77e66f98e3b2f261c13
SHA512

d5e60423419e637adc3c3bc97fc5e9fb397531ca97c7d94055aa3704471a7a0c55e69645bc81a42564488905b3ac66e1346877d8216a291d7efb738e467a59ff
SSDEEP

384:eul34EF3IGMIIYQsEN+yN/4xtllahJKDETWus6gRZekW781gW:eud4EGG/Istm6qmZeC1

Score

N/A

Malware Config

Signatures

Files

a856bf7c6c74136d039060b62c2fd88d3124621c7cdda77e66f98e3b2f261c13
.exe windows x86

b467db2e2fb0430e89f98e0367f582a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
RtlFindLongestRunClear
CcInitializeCacheMap
ZwQueryInformationProcess
memcpy
ZwDisplayString
ExFreePoolWithTag
KeInsertQueueDpc
IoWritePartitionTableEx
FsRtlInitializeMcb
RtlReserveChunk
READ_REGISTER_BUFFER_ULONG
RtlInt64ToUnicodeString
ExInitializeRundownProtection
ZwCreateFile
RtlAppendUnicodeStringToString
FsRtlIsNtstatusExpected
strlen
DbgPrint
NtDuplicateObject
IoReportResourceForDetection
NtAllocateUuids
KdDebuggerEnabled
FsRtlNotifyFilterChangeDirectory
KeStackAttachProcess
RtlImageNtHeader
IoCreateSymbolicLink
ExAllocatePool
strcmp
CcGetDirtyPages
MmIsAddressValid
CcGetLsnForFileObject
PsRestoreImpersonation

Exports

Exports

IpizcfAcmvvdWqu
OsvFuvvGhbfDn
GfeKmpxvAbljKm

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 909B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b467db2e2fb0430e89f98e0367f582a7

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 909B

.reloc Size: 512B - Virtual size: 92B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 909B

.reloc
Size: 512B - Virtual size: 92B

.rsrc
Size: 3KB - Virtual size: 2KB