c5cf5550ad439e99122b50de82d95af44ea3582e477085abd10872e5f370596f

General

Target

c5cf5550ad439e99122b50de82d95af44ea3582e477085abd10872e5f370596f
Size

20KB
MD5

63e6c14c1fcdcf78c3ab498761fe3d11
SHA1

25a9f283ddd27f647c7edd19b3f7227d097422b9
SHA256

c5cf5550ad439e99122b50de82d95af44ea3582e477085abd10872e5f370596f
SHA512

f5c21c5219843cf2f44cd172526bdcd5d16dcef38e187d6f9eba951bf37a9e39010168b1b8a625448292736fee9a93e6191e7d94f7f7ce2fafa0268f5295a7d2
SSDEEP

384:vsB7zxwn9FqxQzXys1hd0SSino2Uwad1bHenmL:+zynGC1huSSinodF1b+mL

Score

N/A

Malware Config

Signatures

Files

c5cf5550ad439e99122b50de82d95af44ea3582e477085abd10872e5f370596f
.exe windows x86

6931b75cab0a649a828d9bfa990bac84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
PsGetVersion
RtlGetVersion
_strnicmp
ZwClose
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExFreePoolWithTag
ZwWriteFile
ZwReadFile
ExAllocatePool
DbgPrint
ZwQueryInformationFile
ZwSetValueKey
ZwCreateKey
ExInitializePagedLookasideList
ExDeletePagedLookasideList
memcpy
ObReferenceObjectByHandle
RtlInitUnicodeString
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
KeInitializeEvent
RtlAssert
ObfDereferenceObject
InterlockedPushEntrySList
InterlockedPopEntrySList
MmProbeAndLockPages
IoAllocateMdl
memset
PsTerminateSystemThread
KeDelayExecutionThread
sprintf
MmMapLockedPages
KeUnstackDetachProcess
MmIsAddressValid
KeStackAttachProcess
PsLookupProcessByProcessId
PsCreateSystemThread
KeTickCount
KeBugCheckEx
RtlUnwind

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6931b75cab0a649a828d9bfa990bac84

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 512B - Virtual size: 512B

.data Size: 512B - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1010B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 512B - Virtual size: 512B

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1010B