9a68ccd9599eae355293b26b711ae4aad89b25a6e13ee2afbbb7e7e5bdf944fb

General

Target

9a68ccd9599eae355293b26b711ae4aad89b25a6e13ee2afbbb7e7e5bdf944fb
Size

19KB
MD5

478564cb8d94e0dd1a1f7090b7e49639
SHA1

476de0e2a68a6d937a699ba81f8ea7ba61a73a18
SHA256

9a68ccd9599eae355293b26b711ae4aad89b25a6e13ee2afbbb7e7e5bdf944fb
SHA512

81bf8a4d92a8da3dc46191f934365b2798a0b68f548ff39fabf2f74b9a98f6192ae7bb68f0aa874c915c13f01211ecc1b322861fe70b763aedfbb3a1795a795b
SSDEEP

384:NyxrF88le3WkjI8wARK4PbFBSWDUmxVcjlln47nPJcerzV6Xxa3:NsrF88lemkj9wkKqbFBSWQmcA7nP5UY3

Score

N/A

Malware Config

Signatures

Files

9a68ccd9599eae355293b26b711ae4aad89b25a6e13ee2afbbb7e7e5bdf944fb
.exe windows x86

a7cf8e42a3290999705596be61a12055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExInitializeRundownProtection
ZwQueryInformationProcess
RtlFindLongestRunClear
PsRestoreImpersonation
memcpy
CcPinMappedData
FsRtlInitializeMcb
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
IoReportResourceForDetection
CcGetDirtyPages
FsRtlNotifyFilterChangeDirectory
ExFreePoolWithTag
KeInsertQueueDpc
MmIsAddressValid
FsRtlIsNtstatusExpected
NtDuplicateObject
RtlInt64ToUnicodeString
NtAllocateUuids
DbgPrint
READ_REGISTER_BUFFER_ULONG
ZwCreateFile
RtlReserveChunk
FsRtlLookupLastLargeMcbEntry
ZwDisplayString
CcPinRead
KeStackAttachProcess
RtlImageNtHeader
IoWritePartitionTableEx
KdDebuggerEnabled
ExAllocatePool
strcmp

Exports

Exports

WoyCnwaIhmpk
OgsweglTguefMoyqm
FyeilcVfiuevsZkidrv

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 879B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7cf8e42a3290999705596be61a12055

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 879B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 78B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 879B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 78B