af45e5a6394408c4a4c256bec210c47bd5bb4eb49bc95ee3b27da2993e4dd709

Sharing

Copy URL

Twitter E-mail

General

Target

af45e5a6394408c4a4c256bec210c47bd5bb4eb49bc95ee3b27da2993e4dd709
Size

28KB
MD5

9dbdd2b08ba949b87dc4fd3ec46f31f0
SHA1

38476b52f979ebfdfe20e267c2e7323fa2da89db
SHA256

af45e5a6394408c4a4c256bec210c47bd5bb4eb49bc95ee3b27da2993e4dd709
SHA512

4660a9c705888a32c0a52a14996219dbaf6a701f1e82d96a54e09a35776ef1a1c9c3e18a133f421843f8c654dcb0035ded791e6b582745cc1857cfaedfc18897
SSDEEP

768:VG+k/3r/OUbes4kbQfsyslEecXqD+nvbRM:hAi/Fk1yslrytndM

Score

N/A

Malware Config

Signatures

Files

af45e5a6394408c4a4c256bec210c47bd5bb4eb49bc95ee3b27da2993e4dd709
.zip
CALLGATE.LIB
CGATEAPP.C
CGATEAPP.MAK
CGATEAPP.MDP
CGATEAPP.NCB
GATE.H
README.TXT
RELEASE/CALLGATE.DLL
.dll windows x86

4a23478f8948059ac181c8eb9f761bf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetLastError
GetCurrentDirectoryA
DeviceIoControl
HeapDestroy
GetCPInfo
GetModuleFileNameA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
CloseHandle
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetStdHandle
SetFilePointer
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
LoadLibraryA
FlushFileBuffers

user32

wsprintfA

advapi32

DeleteService
ControlService
OpenSCManagerA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA

Exports

Exports

_CreateCallGate@12
_FreeCallGate@4

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RELEASE/CALLGATE.SYS
.exe windows x86

c615d44bb4c517b8a946783ec8d23d44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoCreateSymbolicLink
vsprintf
KeI386ReleaseGdtSelectors
KeI386SetGdtSelector
KeI386AllocateGdtSelectors
IoDeleteDevice
DbgPrint
RtlInitUnicodeString
IoCreateDevice
IofCompleteRequest
IoDeleteSymbolicLink

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 416B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 192B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RELEASE/CGATEAPP.EXE
.exe windows x86

c7e0c1b0d5d180a6ba25d63e4882a3c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

callgate

_CreateCallGate@12
_FreeCallGate@4

kernel32

SetHandleCount
GetOEMCP
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
HeapFree
GetFileType
GetStdHandle
GetStartupInfoA
HeapCreate
WriteFile
HeapAlloc
GetProcAddress
LoadLibraryA
GetLastError
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RING0.ASM
RING0.OBJ

Sharing

General

Malware Config

Signatures

Files

4a23478f8948059ac181c8eb9f761bf9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 204B

.data Size: 4KB - Virtual size: 25KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

c615d44bb4c517b8a946783ec8d23d44

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 416B - Virtual size: 386B

.reloc Size: 192B - Virtual size: 166B

c7e0c1b0d5d180a6ba25d63e4882a3c5

Headers

File Characteristics

Imports

callgate

kernel32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 105B

.data Size: 4KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 892B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 204B

.data
Size: 4KB - Virtual size: 25KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 416B - Virtual size: 386B

.reloc
Size: 192B - Virtual size: 166B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 105B

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 892B

.reloc
Size: 1KB - Virtual size: 1KB