bc8b2e0a9d55ed5c224645cb99bb1583fb8af32cd16ea642ea20abd2c407ec34

General

Target

bc8b2e0a9d55ed5c224645cb99bb1583fb8af32cd16ea642ea20abd2c407ec34
Size

164KB
MD5

9b161b19cf78056ed305f1b0d67b2510
SHA1

1ca0c94c74e3ddd5863211a5e5a3e7f3e568c972
SHA256

bc8b2e0a9d55ed5c224645cb99bb1583fb8af32cd16ea642ea20abd2c407ec34
SHA512

3ef5bb0ff5bcdd36b53aaa211f4c4e9bdccc75786ce66214272b634821f876e688bbebcdce93fff6d44b9cf91f7d09615b49e631547b185d1b78593c7adce108
SSDEEP

1536:vGKFg2lW61/ECTcM7dIfI/ThxlXRK3gkO6W0aRY/JfrhRUmPbGFkPMPqtMZHB9Mv:vt7Ay5dpd97kYbkrhEwMZhmGVoc8DXN

Score

N/A

Malware Config

Signatures

Files

bc8b2e0a9d55ed5c224645cb99bb1583fb8af32cd16ea642ea20abd2c407ec34
.exe windows x86

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isdigit
InbvCheckDisplayOwnership
wcstombs
PoRegisterSystemState
isupper
memcpy
islower
ZwDuplicateToken
IoSetSystemPartition
ExAcquireSharedStarveExclusive
KeSetIdealProcessorThread
MmGetPhysicalAddress
IoQueryFileDosDeviceName
RtlFindSetBitsAndClear
ExInterlockedExtendZone
NtWriteFile
KeRegisterBugCheckReasonCallback
ExFreePoolWithTag
memchr
towlower
MmRemovePhysicalMemory
_alldvrm
ExDeletePagedLookasideList
ExAcquireSharedWaitForExclusive
strcmp
LpcRequestPort
IoConnectInterrupt
RtlDowncaseUnicodeString
DbgPrint
strrchr
FsRtlIsNameInExpression
MmFreeContiguousMemorySpecifyCache
ZwInitiatePowerAction
ExAllocatePool
strspn
ZwQueryInformationProcess
isspace
RtlImageNtHeader
PsSetProcessPriorityByClass
MmUnsecureVirtualMemory
IoSetPartitionInformation
FsRtlInitializeOplock

Exports

Exports

TmNbpnm
WkpgodaBwuh
RjgdXljfWoxymb
DdYzechRkpbxCvmzio

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 13KB - Virtual size: 13KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 124B