9b70d6ae7cbbc678eb8a1dd9fd20d745acd781b3fab64724a20f0acb3471ae3c

General

Target

9b70d6ae7cbbc678eb8a1dd9fd20d745acd781b3fab64724a20f0acb3471ae3c
Size

19KB
MD5

07292d75af6ced1146246ea352ba2be8
SHA1

aecb9cb8e2d1d3ecee177441a613b16a7816caf2
SHA256

9b70d6ae7cbbc678eb8a1dd9fd20d745acd781b3fab64724a20f0acb3471ae3c
SHA512

99dbe817edf87331970f03ea39739d6c9137bacceb3b6ec494cc3a57b0045e7a45538ef1249dbeb64d7ba8f44ceb4e0388239dddfb86c9d626261528c4aebf4a
SSDEEP

384:enplWoqIQnf1TSuuMqeO4Mcci5PVMoBhtrzwlCJuqM:eplWoonzuMq5U56UPwEJ

Score

N/A

Malware Config

Signatures

Files

9b70d6ae7cbbc678eb8a1dd9fd20d745acd781b3fab64724a20f0acb3471ae3c
.exe windows x86

8fee1e08fa6e1c4ae0000b31b4882195

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlLookupLastLargeMcbEntry
RtlFindLongestRunClear
CcGetDirtyPages
CcGetFileObjectFromBcb
DbgPrint
ZwDisplayString
memcpy
KeInsertQueueDpc
IoWritePartitionTableEx
FsRtlInitializeMcb
RtlReserveChunk
READ_REGISTER_BUFFER_ULONG
RtlInt64ToUnicodeString
ExInitializeRundownProtection
ZwCreateFile
RtlAppendUnicodeStringToString
FsRtlIsNtstatusExpected
ZwSetInformationFile
strlen
NtDuplicateObject
IoReportResourceForDetection
NtAllocateUuids
KdDebuggerEnabled
FsRtlNotifyFilterChangeDirectory
KeStackAttachProcess
RtlImageNtHeader
IoCreateSymbolicLink
ExAllocatePool
strcmp
CcGetDirtyPages
MmIsAddressValid
ExFreePoolWithTag
PsRestoreImpersonation

Exports

Exports

RvbzXev
SsUihzQw
ZdqzsyPfvvBn

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fee1e08fa6e1c4ae0000b31b4882195

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 920B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 76B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 920B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 76B