9362e4badf9357a34fba370db4ab6d8934702dd1f6a4ba62f02e6c740e424103

Sharing

Copy URL Twitter E-mail

General

Target

9362e4badf9357a34fba370db4ab6d8934702dd1f6a4ba62f02e6c740e424103
Size

48KB
MD5

f58c19339ff201e0284889e836fedcc2
SHA1

d143e931f8000bf30c39e164a06ade524d8c17bf
SHA256

9362e4badf9357a34fba370db4ab6d8934702dd1f6a4ba62f02e6c740e424103
SHA512

74c867141d62615642e9c399072675734185949c057d6af5467c2e323e72fd9f78d9d8da2dbb6b16fd7e48215c085626907b13edb52fee81c55105bce86a1e83
SSDEEP

768:J6KqomDTqRMVoBBm4tRfZsUm3xkaXSf0J9aN0+rIYQmQ2H+sgNTDY:JMoITqeVEYkfAbx+rIj72eVNTD

Score

N/A

Malware Config

Signatures

Files

9362e4badf9357a34fba370db4ab6d8934702dd1f6a4ba62f02e6c740e424103
.exe windows x86

4ca7166081f0076ff9b5b9244bd8e097

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwMakeTemporaryObject
ZwCreateDirectoryObject
RtlInitUnicodeString
ExFreePoolWithTag
RtlQueryRegistryValues
RtlAppendUnicodeToString
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoDeleteDevice
KeSetEvent
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
IoCreateDevice
swprintf
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
ExfInterlockedInsertTailList
SeCreateClientSecurity
KeGetCurrentThread
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
MmMapLockedPages
MmAllocatePagesForMdl
sprintf
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
ZwReadFile
ZwWriteFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
RtlUshortByteSwap
IoFreeIrp
IoAllocateMdl
MmProbeAndLockPages
KeDelayExecutionThread
DbgPrint
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Enc0
Size: - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Enc1
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.Enc2
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca7166081f0076ff9b5b9244bd8e097

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: - Virtual size: 4KB

.data Size: - Virtual size: 4B

PAGE Size: - Virtual size: 1KB

INIT Size: - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 896B

.Enc0 Size: - Virtual size: 496B

.Enc1 Size: - Virtual size: 12KB

.Enc2 Size: 36KB - Virtual size: 33KB

.reloc Size: 4KB - Virtual size: 48B

.text
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 4B

PAGE
Size: - Virtual size: 1KB

INIT
Size: - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 896B

.Enc0
Size: - Virtual size: 496B

.Enc1
Size: - Virtual size: 12KB

.Enc2
Size: 36KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 48B