f904300be5cf4402c98c65e1ef92fba2e4b3f5490cd3c23386b643139d196e50

General

Target

f904300be5cf4402c98c65e1ef92fba2e4b3f5490cd3c23386b643139d196e50
Size

444KB
MD5

42f18eb56802b1b5b43b36c6d81ad11d
SHA1

fce5b7b6dc39c0509bd1395477aee787cae3bfba
SHA256

f904300be5cf4402c98c65e1ef92fba2e4b3f5490cd3c23386b643139d196e50
SHA512

098eecd175fa89fe1d4cf589700961dba66ba4eb3367108bf1036fe1c9ec98cbe9f5409b5e03af50443b3d3f07c29fea0f5935352b91b674d757ee81544e22d2
SSDEEP

6144:xxNH8gJyTn15/JZ3fXJvWdG0Dde+8YlQIsq2m1Mfk5PZa6cUsFphaGXK9z9f2+YM:/rJqnfXAM0k+8YlQW1AkjGX+z5HA

Score

N/A

Malware Config

Signatures

Files

f904300be5cf4402c98c65e1ef92fba2e4b3f5490cd3c23386b643139d196e50
.dll windows x86

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

SeCaptureSubjectContext
SeDeleteObjectAuditAlarm
CcDeferWrite
IoBuildPartialMdl
IoFreeIrp
SeTokenIsRestricted
IoCheckShareAccess
IoGetLowerDeviceObject
ZwCreateSection
ZwQuerySymbolicLinkObject
KeEnterCriticalRegion
FsRtlNotifyInitializeSync
IoGetInitialStack
IoWMIRegistrationControl
ZwOpenSymbolicLinkObject
KeReadStateTimer
IoDeviceObjectType
KeGetCurrentThread
RtlGetVersion
MmUnlockPages
IoGetDmaAdapter
RtlUnicodeStringToInteger
SeSetSecurityDescriptorInfo
RtlUpcaseUnicodeString
ExIsProcessorFeaturePresent
RtlIsNameLegalDOS8Dot3
CcGetFileObjectFromBcb
KeInitializeDeviceQueue
ObfReferenceObject
KeDetachProcess
MmCanFileBeTruncated
ObReferenceObjectByPointer
IoThreadToProcess
KeTickCount
IoGetAttachedDevice
IofCallDriver
IoGetDeviceInterfaceAlias
FsRtlDeregisterUncProvider
IoInitializeIrp
DbgBreakPoint
KeLeaveCriticalRegion
RtlCreateSecurityDescriptor
ZwOpenFile
KeInsertByKeyDeviceQueue
IoVerifyVolume
IoDeleteController
CcMdlRead

Exports

Exports

?IsNotPenEx@@YGPAFIGPAJG<V
?DeleteDirectory@@YGXEPAGME<V
?IsNotCommandLineW@@YGPAIGMPAF<V
?PutMessageEx@@YGMPA_N<V
?PutObject@@YGPADFPAMPAJPA_N<V
?EnumConfigExW@

Sections

.text
Size: 63KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 83KB

.text
Size: 63KB - Virtual size: 83KB