e554a80c134cc9c2a2d5ddbca4caf8a0823425490f75f4672baf74ec3a51343c

Sharing

Copy URL

Twitter E-mail

General

Target

e554a80c134cc9c2a2d5ddbca4caf8a0823425490f75f4672baf74ec3a51343c
Size

73KB
MD5

b7537626c90d71fc2fce3bbe2038bafe
SHA1

64fa7bc93c1a11b7213f1d5bbf9fecd235772b71
SHA256

e554a80c134cc9c2a2d5ddbca4caf8a0823425490f75f4672baf74ec3a51343c
SHA512

007e5f0ccf130a91f8c87efde6092d2551a6d2344e1efd8cb9e59d5cef94639765a3b3ccd6f5793dbdc48f545cfcd7de512c51b7d9c22a457196000b39b60dae
SSDEEP

1536:XESqjNKOm+sRGzJ09HhpzLYVQRPsyzvUgR9oQyot1E:XESqjNKM5zJ09HvYVQRkBVot1E

Score

N/A

Malware Config

Signatures

Files

e554a80c134cc9c2a2d5ddbca4caf8a0823425490f75f4672baf74ec3a51343c
.dll windows x86

df9e3d52179a95cd091f135f9ccf18e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlOemToUnicodeN
IoReadPartitionTableEx
MmAllocatePagesForMdl
PsRevertToSelf
KeRestoreFloatingPointState
RtlDelete
MmResetDriverPaging
KeFlushQueuedDpcs
IoStartPacket
IoReadDiskSignature
CcFastMdlReadWait
CcCanIWrite
CcDeferWrite
FsRtlIsHpfsDbcsLegal
CcGetFileObjectFromBcb
RtlUnicodeStringToOemString
MmMapLockedPages
ExAllocatePoolWithQuotaTag
KeSetEvent
RtlUpperChar
HalExamineMBR
PoSetSystemState
SeLockSubjectContext
CcUnpinDataForThread
RtlLengthSecurityDescriptor
KeBugCheckEx
IoRaiseHardError
PoSetPowerState
ZwWriteFile
IoAllocateAdapterChannel
KeGetCurrentThread
PsCreateSystemThread
ObOpenObjectByPointer
MmForceSectionClosed
RtlGUIDFromString
ZwFsControlFile
RtlFreeOemString
IoCreateFile
ZwClose
SeQueryAuthenticationIdToken
FsRtlFastCheckLockForRead
KeSetImportanceDpc
ZwSetSecurityObject
DbgPrompt
RtlNtStatusToDosError
MmPageEntireDriver
CcUnpinData
RtlInitString
ZwOpenProcess
CcSetReadAheadGranularity
RtlVolumeDeviceToDosName
PsGetCurrentProcess
RtlSetBits
KeReadStateEvent
SePrivilegeCheck
IoQueryDeviceDescription
KeSetPriorityThread
SeDeassignSecurity
FsRtlGetNextFileLock
IoInitializeIrp
FsRtlFastUnlockSingle
IoSetDeviceToVerify
RtlSetDaclSecurityDescriptor
IoSetThreadHardErrorMode
ZwMapViewOfSection
MmIsVerifierEnabled
IoGetAttachedDevice
KeQueryTimeIncrement
CcZeroData
RtlCreateRegistryKey
IoGetStackLimits
CcPinMappedData
RtlFreeUnicodeString
PoUnregisterSystemState
RtlFindLeastSignificantBit
SeFilterToken
MmLockPagableDataSection
KeRemoveDeviceQueue
IoCreateDevice
MmHighestUserAddress
IoCsqRemoveIrp
PsLookupProcessByProcessId
KeInitializeSpinLock
RtlFindSetBits
FsRtlCheckOplock
PoRequestPowerIrp
CcSetBcbOwnerPointer
KeSetKernelStackSwapEnable
RtlClearBits
RtlCharToInteger
IoFreeIrp
RtlSplay
MmMapUserAddressesToPage
KeReadStateSemaphore
IoSetPartitionInformationEx
IoGetAttachedDeviceReference
KeRemoveByKeyDeviceQueue
PoStartNextPowerIrp
KeDetachProcess
ZwNotifyChangeKey
FsRtlIsFatDbcsLegal
PsSetLoadImageNotifyRoutine
ObReferenceObjectByHandle
RtlInitializeBitMap
MmSetAddressRangeModified
RtlCompareMemory
IoFreeController
SeCreateClientSecurity
KeSetBasePriorityThread
FsRtlNotifyUninitializeSync
IoEnumerateDeviceObjectList
KeInitializeTimerEx
ExUuidCreate
KeWaitForMultipleObjects
PsChargeProcessPoolQuota
IoSetPartitionInformation
ObfDereferenceObject
KeRemoveQueue
RtlMapGenericMask
RtlInitUnicodeString
MmGetPhysicalAddress
RtlHashUnicodeString
ObGetObjectSecurity
MmUnlockPages
RtlFindClearRuns
ZwMakeTemporaryObject
PsGetCurrentProcessId
IoBuildSynchronousFsdRequest
IoInvalidateDeviceState
RtlAddAccessAllowedAceEx
RtlEqualUnicodeString
IoRequestDeviceEject
IoReleaseRemoveLockAndWaitEx
IoRegisterFileSystem
ExIsProcessorFeaturePresent
ZwOpenFile
IoCreateStreamFileObject
ExInitializeResourceLite
IoBuildPartialMdl
RtlAppendUnicodeToString
PsGetThreadProcessId
ZwDeleteValueKey
ZwFreeVirtualMemory
SeUnlockSubjectContext
IoInvalidateDeviceRelations
IoSetDeviceInterfaceState
IoCreateSynchronizationEvent
ExReinitializeResourceLite
IoConnectInterrupt
RtlQueryRegistryValues
DbgBreakPointWithStatus
ZwPowerInformation
ExUnregisterCallback
MmQuerySystemSize
RtlExtendedIntegerMultiply
ZwCreateFile
ExRaiseDatatypeMisalignment
IoQueryFileDosDeviceName
MmAdvanceMdl
SeDeleteObjectAuditAlarm
MmIsDriverVerifying
IoRegisterDeviceInterface
IoFreeWorkItem
CcRepinBcb
IoUpdateShareAccess
IoCreateDisk
ZwFlushKey
SeCaptureSubjectContext
FsRtlDeregisterUncProvider
IoThreadToProcess
ZwAllocateVirtualMemory
IoGetDiskDeviceObject
CcCopyRead
RtlCheckRegistryKey
IoStartTimer
RtlDeleteRegistryValue
MmSecureVirtualMemory
CcRemapBcb
ZwLoadDriver
MmAllocateContiguousMemory
RtlRandom
IoIsOperationSynchronous
KeQueryInterruptTime
RtlEqualString
KeInsertQueue
KefAcquireSpinLockAtDpcLevel
KeRegisterBugCheckCallback
IoAllocateIrp
RtlCreateSecurityDescriptor
KeInitializeEvent
CcMapData
PsGetCurrentThread
FsRtlCheckLockForReadAccess
RtlFindLongestRunClear
RtlMultiByteToUnicodeN
RtlNumberOfClearBits
KeInitializeTimer
MmAllocateNonCachedMemory
ZwCreateSection
ExRaiseStatus
ZwCreateKey
KeInitializeMutex
IoCreateSymbolicLink
CcPinRead
PsLookupThreadByThreadId
PsGetVersion
ExDeletePagedLookasideList
RtlCreateAcl
RtlAddAccessAllowedAce
IoSetSystemPartition
MmUnsecureVirtualMemory
ExSetResourceOwnerPointer
IoGetDeviceObjectPointer
KeInsertDeviceQueue
IoAcquireRemoveLockEx
ExGetExclusiveWaiterCount
ExQueueWorkItem
MmIsThisAnNtAsSystem
CcFastCopyRead
KeDelayExecutionThread
ExLocalTimeToSystemTime
RtlAreBitsClear
ZwSetVolumeInformationFile
RtlUnicodeStringToInteger
RtlUnicodeToOemN
SeOpenObjectAuditAlarm
PsReferencePrimaryToken
SeImpersonateClientEx
ObInsertObject
IofCompleteRequest
IoIsSystemThread
PsIsThreadTerminating
VerSetConditionMask
RtlAreBitsSet
FsRtlSplitLargeMcb
MmIsAddressValid
KeSynchronizeExecution
ZwCreateDirectoryObject
RtlAppendStringToString
IoCreateStreamFileObjectLite
PoRegisterSystemState
KeClearEvent
CcFlushCache
SeFreePrivileges
ExAllocatePoolWithTag
IoDisconnectInterrupt
RtlIsNameLegalDOS8Dot3
KeWaitForSingleObject
ObReferenceObjectByPointer
IoWMIRegistrationControl
IoSetHardErrorOrVerifyDevice
MmProbeAndLockProcessPages
KeInitializeQueue
RtlOemStringToUnicodeString
IoCheckQuotaBufferValidity
ExGetPreviousMode
IoMakeAssociatedIrp
MmAddVerifierThunks
FsRtlIsTotalDeviceFailure
FsRtlLookupLastLargeMcbEntry
PsDereferencePrimaryToken
ZwOpenKey
ExAllocatePool
RtlUpcaseUnicodeChar
RtlCopyString
RtlDowncaseUnicodeString
IoGetDeviceAttachmentBaseRef
IoCheckEaBufferValidity
IoSetShareAccess
CcSetDirtyPinnedData
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
MmMapIoSpace
ExRaiseAccessViolation
KeSetTargetProcessorDpc
IoAcquireCancelSpinLock
strlen
KeReleaseSemaphore
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
MmFlushImageSection
PsGetCurrentThreadId
IoAcquireVpbSpinLock
IoDetachDevice
FsRtlMdlWriteCompleteDev
IoWriteErrorLogEntry
MmFreePagesFromMdl
IoReadPartitionTable
RtlxAnsiStringToUnicodeSize
SeSinglePrivilegeCheck
IoDeleteSymbolicLink
FsRtlAllocateFileLock
KeRevertToUserAffinityThread
RtlAnsiCharToUnicodeChar
IoVolumeDeviceToDosName
RtlStringFromGUID
ZwOpenSection
ZwQuerySymbolicLinkObject
ZwQueryVolumeInformationFile
CcPurgeCacheSection
RtlInitializeGenericTable
SeAccessCheck
MmAllocateMappingAddress
IoAllocateController
RtlxUnicodeStringToAnsiSize
IoGetDeviceProperty
CcUninitializeCacheMap
CcUnpinRepinnedBcb
IoDeleteController
RtlRemoveUnicodePrefix
RtlClearAllBits
KeCancelTimer
ExSetTimerResolution
IoCreateNotificationEvent
ZwDeviceIoControlFile
ExReleaseResourceLite
FsRtlCheckLockForWriteAccess
RtlSetAllBits
MmLockPagableSectionByHandle
FsRtlFreeFileLock
RtlLengthRequiredSid

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gghgfg
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gffhfd
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack5
Size: 1024B - Virtual size: 543B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack3
Size: 1024B - Virtual size: 825B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack2
Size: 1024B - Virtual size: 825B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df9e3d52179a95cd091f135f9ccf18e3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.text Size: 9KB - Virtual size: 8KB

.text Size: 512B - Virtual size: 512B

.text Size: 24KB - Virtual size: 23KB

.gghgfg Size: 15KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 1KB

.gffhfd Size: - Virtual size: 9KB

.pack5 Size: 1024B - Virtual size: 543B

.pack4 Size: 1KB - Virtual size: 1KB

.pack3 Size: 1024B - Virtual size: 825B

.pack2 Size: 1024B - Virtual size: 825B

.pack1 Size: 1KB - Virtual size: 1KB

.pack0 Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 162B

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.text
Size: 512B - Virtual size: 512B

.text
Size: 24KB - Virtual size: 23KB

.gghgfg
Size: 15KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 1KB

.gffhfd
Size: - Virtual size: 9KB

.pack5
Size: 1024B - Virtual size: 543B

.pack4
Size: 1KB - Virtual size: 1KB

.pack3
Size: 1024B - Virtual size: 825B

.pack2
Size: 1024B - Virtual size: 825B

.pack1
Size: 1KB - Virtual size: 1KB

.pack0
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 162B

.reloc
Size: 1024B - Virtual size: 816B