0845b7d339d399c3b2a8153b5d5861ccf1821cc3d4e11f2e37bd102e8615f283

General

Target

0845b7d339d399c3b2a8153b5d5861ccf1821cc3d4e11f2e37bd102e8615f283
Size

183KB
MD5

6754e4053712037df2d57f265234af30
SHA1

be6f901ad5b0a5c0eb00323ae93eee2a8773846c
SHA256

0845b7d339d399c3b2a8153b5d5861ccf1821cc3d4e11f2e37bd102e8615f283
SHA512

4888573e76bf6bb7eaa138bde29cbcb491f4d01a581821fc232e5f9640a5bc55e7923b1318255b604529a4a007dc507cc336bda244896e9b870f57c33e3f57ef
SSDEEP

3072:9GQCezwHxJIdP1WoyCeJ4//E+7mslheiHsI/U+owztYcegkZq9lz7VOfy+1iVyE7:sWwRJitWoydJ4nE+a6hgiU+dOgaq9lz3

Score

N/A

Malware Config

Signatures

Files

0845b7d339d399c3b2a8153b5d5861ccf1821cc3d4e11f2e37bd102e8615f283
.dll windows x86

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCheckQuotaBufferValidity
KeSetSystemAffinityThread
KeLeaveCriticalRegion
KeReadStateMutex
IoReleaseCancelSpinLock
IoFreeMdl
MmIsAddressValid
RtlDelete
CcSetDirtyPinnedData
KeEnterCriticalRegion
ZwWriteFile
ExDeleteNPagedLookasideList
ExSetResourceOwnerPointer
IoConnectInterrupt
ObReferenceObjectByHandle
IoReleaseRemoveLockAndWaitEx
RtlDeleteElementGenericTable
MmCanFileBeTruncated
IoWMIRegistrationControl
RtlCreateSecurityDescriptor
CcSetBcbOwnerPointer
CcPurgeCacheSection
KeInsertHeadQueue
SeQueryInformationToken
IoGetStackLimits
MmSecureVirtualMemory
RtlValidSid
ExRaiseDatatypeMisalignment
MmFreeContiguousMemory
IoFreeErrorLogEntry
RtlUnicodeToOemN
FsRtlCheckLockForReadAccess
IoAllocateWorkItem
MmUnsecureVirtualMemory
ZwOpenSymbolicLinkObject
KeRemoveDeviceQueue
KeSetTargetProcessorDpc
SeAccessCheck
FsRtlMdlWriteCompleteDev
RtlGetNextRange
ZwSetVolumeInformationFile
RtlVolumeDeviceToDosName
KeGetCurrentThread
MmAddVerifierThunks
KeTickCount
RtlFindClearRuns

Exports

Exports

?ValidateStringOriginal@@YGDKPAKPAM<V
?CrtProviderOriginal@@YGPAXKPAFGK<V
?IsNotMutantExW@@YGGN<V
?AddDataOld@@YGXD<V
?AddAppNameOriginal@@YGXPADIEJ<V
?DeleteFolderA@@YGJPANPAK<V

Sections

.text
Size: 31KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d0e2768d702e5fbbba2fca129eac766

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 60KB

.data Size: 16KB - Virtual size: 16KB

.text
Size: 31KB - Virtual size: 60KB

.data
Size: 16KB - Virtual size: 16KB