ed1a6bbec22036064478dce8338cc28354bccf4e0d4a2baa2af3b94d55dde1f6

General

Target

ed1a6bbec22036064478dce8338cc28354bccf4e0d4a2baa2af3b94d55dde1f6
Size

737KB
MD5

8b4683025689ca47a9027d23d2d292d0
SHA1

e52176e92b486fb1d7fa4b0d4776682b4563d839
SHA256

ed1a6bbec22036064478dce8338cc28354bccf4e0d4a2baa2af3b94d55dde1f6
SHA512

ee4360864ba3f8d7348f732a443a84be45926533d5798ad036b89e6cce2a81b1fe12a1b14f21c04b63ae90caa40d9a3697e44eec15f6749055a9ff3b08630d52
SSDEEP

12288:YXOEdgp4Ovc48rGZXLjD57THLaQzj6GTKIg1HWv5Lqsf0kxacQ1vnqo0hz5g+:YrGBR8rGFFHLl6GTK51H62sckA7Ezy+

Score

N/A

Malware Config

Signatures

Files

ed1a6bbec22036064478dce8338cc28354bccf4e0d4a2baa2af3b94d55dde1f6
.exe windows x86

03608371bfe17cd9bd49346f9cfb0fda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
SeReleaseSecurityDescriptor
_itoa
NtSetInformationThread
RtlInsertUnicodePrefix
ObCheckCreateObjectAccess
RtlGetDaclSecurityDescriptor
RtlMapGenericMask
ExDeletePagedLookasideList
FsRtlProcessFileLock
IoRequestDeviceEject
ZwOpenDirectoryObject
RtlMoveMemory
RtlLookupAtomInAtomTable
ExUnregisterCallback
RtlDeleteNoSplay
IoIsSystemThread
wcscspn
IoRegisterFsRegistrationChange
ExAcquireFastMutexUnsafe
RtlOemStringToUnicodeString
PoRegisterSystemState
RtlCopyUnicodeString
ExUuidCreate
MmQuerySystemSize
MmGetSystemRoutineAddress
RtlCompareMemory
RtlSizeHeap
atoi
ZwOpenEvent
KeUpdateSystemTime
IoCreateDevice
ZwMakeTemporaryObject
towlower
PsJobType
KeServiceDescriptorTable
MmAllocateContiguousMemory
CcPreparePinWrite
NtQueryDirectoryFile
ZwCreateSection
ZwFlushVirtualMemory
RtlImageNtHeader
isxdigit
MmDisableModifiedWriteOfSection
IoInvalidateDeviceState
RtlTraceDatabaseFind
RtlUpcaseUnicodeStringToOemString
PsGetCurrentThreadId
IoCreateSymbolicLink

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03608371bfe17cd9bd49346f9cfb0fda

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 512B - Virtual size: 448B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 392KB - Virtual size: 391KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 512B - Virtual size: 448B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 392KB - Virtual size: 391KB