286403c74dd9dbd5df67a4e8f79a3cb9765cc837755474d7c2d698bc819dcdef

General

Target

286403c74dd9dbd5df67a4e8f79a3cb9765cc837755474d7c2d698bc819dcdef
Size

35KB
MD5

209eba75e5b002de814ecdee4aaa4ab8
SHA1

5ddb0506728441b61c4a55b415ffe9b89634cc8a
SHA256

286403c74dd9dbd5df67a4e8f79a3cb9765cc837755474d7c2d698bc819dcdef
SHA512

ba5c5172336fd5eb1a58666d52186898c9bc609351871d056d7a1bdc8db2d8f2960c4ae2bba2a048191a5907127de53937fd0a094fec13dc99ae30ed909e28a2
SSDEEP

384:Mmxvo8cWyr9Gc8ingMTnV4UfpqqIGKXAWk8Z4:/PcVr0cdv54uzx5Mq

Score

N/A

Malware Config

Signatures

Files

286403c74dd9dbd5df67a4e8f79a3cb9765cc837755474d7c2d698bc819dcdef
.exe windows x86

8d899aad076affa0df9f4663ba76d747

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObOpenObjectByPointer
KeDetachProcess
ZwTerminateProcess
KeAttachProcess
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePool
DbgPrint
PsLookupProcessByProcessId
memcpy
RtlFreeUnicodeString
wcsstr
RtlUpcaseUnicodeString
RtlInitUnicodeString
ZwQueryInformationFile
ZwEnumerateKey
ZwEnumerateValueKey
MmGetSystemRoutineAddress
KeServiceDescriptorTable
ZwReadFile
ZwCreateFile
ZwOpenFile
ZwDeleteFile
RtlQueryRegistryValues
KeDelayExecutionThread
PsCreateSystemThread
ObfDereferenceObject
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
NtMapViewOfSection
ZwAllocateVirtualMemory
MmSectionObjectType
memmove
ZwUnmapViewOfSection
_stricmp
ZwMapViewOfSection
PsGetCurrentProcessId
ZwOpenSection
KeTickCount
KeBugCheckEx
ZwClose
ZwWriteFile
memset
RtlUnwind

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d899aad076affa0df9f4663ba76d747

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 12KB - Virtual size: 12KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 12KB - Virtual size: 12KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB