71623d3f7f3553c9c8f0fbe89473ce60a768eae4c7b3b8df90a0b25de9481d6a

General

Target

71623d3f7f3553c9c8f0fbe89473ce60a768eae4c7b3b8df90a0b25de9481d6a
Size

56KB
MD5

0199bcb4ce258a7b3ccbff7a99f6b6a7
SHA1

db55ac9fe629da55affdbdee5ad28888b70006b2
SHA256

71623d3f7f3553c9c8f0fbe89473ce60a768eae4c7b3b8df90a0b25de9481d6a
SHA512

40839eac43c7e25513bc5ab9229776b727343997b379350d476438518eb12c51eeecb64c5cd2a807789b693fc0b1918cd69a560b3f1404c9c1b57787d0496a13
SSDEEP

1536:gynyxsUtTEpZFbt+DsX5LQLTITYCoXasgVPL1H:gylUtT8/+ULeITY5XasgVPL1

Score

N/A

Malware Config

Signatures

Files

71623d3f7f3553c9c8f0fbe89473ce60a768eae4c7b3b8df90a0b25de9481d6a
.exe windows x86

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isdigit
InbvCheckDisplayOwnership
wcstombs
PoRegisterSystemState
isupper
memcpy
islower
ZwDuplicateToken
IoSetSystemPartition
ExAcquireSharedStarveExclusive
KeSetIdealProcessorThread
MmGetPhysicalAddress
IoQueryFileDosDeviceName
RtlFindSetBitsAndClear
ExInterlockedExtendZone
NtWriteFile
KeRegisterBugCheckReasonCallback
ExFreePoolWithTag
memchr
towlower
MmRemovePhysicalMemory
_alldvrm
ExDeletePagedLookasideList
ExAcquireSharedWaitForExclusive
strcmp
LpcRequestPort
IoConnectInterrupt
RtlDowncaseUnicodeString
DbgPrint
strrchr
FsRtlIsNameInExpression
MmFreeContiguousMemorySpecifyCache
ZwInitiatePowerAction
ExAllocatePool
strspn
ZwQueryInformationProcess
isspace
RtlImageNtHeader
PsSetProcessPriorityByClass
MmUnsecureVirtualMemory
IoSetPartitionInformation
FsRtlInitializeOplock

Exports

Exports

TmNbpnm
WkpgodaBwuh
RjgdXljfWoxymb
DdYzechRkpbxCvmzio

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b843c1690a96b27d8816f04a898d570

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.INIT Size: 1KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 14KB - Virtual size: 13KB

.INIT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 124B