73deef480f00ff6ffd82604a5a1764d8cbc71c3de143ca9cdc59eb3495947185

Sharing

Copy URL

Twitter E-mail

General

Target

73deef480f00ff6ffd82604a5a1764d8cbc71c3de143ca9cdc59eb3495947185
Size

181KB
MD5

5bd4fa337af70c0af711e4dc1ba7afe0
SHA1

fe392500e31d9269812dbe98b42f207072620e7c
SHA256

73deef480f00ff6ffd82604a5a1764d8cbc71c3de143ca9cdc59eb3495947185
SHA512

cd602bb610643e17e36c27d7ce0a3fd80cc282afcbbdc56dc4db189cdd4b5c38521e1f2340c64db138fca18700b08320f8a8747c26bc7ba02f8f12010c1e25c2
SSDEEP

3072:blBniD/0X7nG2D9rNm03U8FAfw9W0Flb9IcFsN+msn8REcitf0+R3TKEUx41eR:T/nG2Lk8ifw9WW18REztfDRDEM

Score

N/A

Malware Config

Signatures

Files

73deef480f00ff6ffd82604a5a1764d8cbc71c3de143ca9cdc59eb3495947185
.dll windows x86

ca11ac4e10438fe33823bcacee65b6bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceToVerify
ExRaiseAccessViolation
RtlFindClearBits
DbgPrompt
KefAcquireSpinLockAtDpcLevel
SeQueryAuthenticationIdToken
IoInitializeIrp
IofCompleteRequest
PsGetThreadProcessId
KeBugCheck
KeSynchronizeExecution
KeSaveFloatingPointState
MmMapUserAddressesToPage
FsRtlIsHpfsDbcsLegal
IoWMIWriteEvent
ZwEnumerateKey
RtlInsertUnicodePrefix
KeReleaseSemaphore
HalExamineMBR
IoReleaseCancelSpinLock
RtlClearAllBits
CcMdlRead
ExFreePool
RtlNumberOfClearBits
PsReturnPoolQuota
PsTerminateSystemThread
SeTokenIsAdmin
PsCreateSystemThread
MmIsAddressValid
MmQuerySystemSize
ZwReadFile
ZwSetVolumeInformationFile
RtlAddAccessAllowedAce
PsGetCurrentProcessId
RtlIsNameLegalDOS8Dot3
PsRevertToSelf
KeQueryTimeIncrement
IoCancelIrp
ExAcquireResourceSharedLite
RtlFindClearBitsAndSet
KeSetImportanceDpc
PsGetProcessExitTime
CcRepinBcb
IoWMIRegistrationControl
RtlEqualString
IoThreadToProcess
KeInitializeSemaphore
RtlAnsiCharToUnicodeChar
ExVerifySuite
IoIsSystemThread
IoFreeMdl
CcUnpinDataForThread
IoSetShareAccess
RtlCopyUnicodeString
KeCancelTimer
RtlFindClearRuns
MmIsVerifierEnabled
IoEnumerateDeviceObjectList
KdDisableDebugger
FsRtlLookupLastLargeMcbEntry
RtlValidSecurityDescriptor
IoWriteErrorLogEntry
SeOpenObjectAuditAlarm
RtlValidSid
MmPageEntireDriver
IoIsWdmVersionAvailable
ObfDereferenceObject
FsRtlCheckOplock
IoSetPartitionInformationEx
FsRtlMdlWriteCompleteDev
FsRtlCheckLockForReadAccess
RtlAnsiStringToUnicodeString
KeInitializeTimerEx
ZwCreateEvent
ZwSetSecurityObject
RtlSubAuthoritySid
IoAllocateMdl
ZwUnloadDriver
IoCreateDevice
ExAcquireFastMutexUnsafe
RtlSetBits
IoGetStackLimits
RtlInitString
RtlGetNextRange
ZwQueryObject
RtlLengthSid
MmSizeOfMdl
KeUnstackDetachProcess
KeReadStateMutex
IoQueryDeviceDescription
CcUninitializeCacheMap
KeSetBasePriorityThread
PoRegisterSystemState
CcMdlWriteComplete
RtlCreateRegistryKey
CcFastCopyWrite
CcDeferWrite
FsRtlIsNameInExpression
RtlVolumeDeviceToDosName
MmResetDriverPaging
IoSetPartitionInformation
IoReadDiskSignature
IoGetDeviceAttachmentBaseRef
IoGetBootDiskInformation
KeInitializeQueue
SeDeleteObjectAuditAlarm
PsIsThreadTerminating
ProbeForRead
ExUnregisterCallback
RtlFindLastBackwardRunClear
CcZeroData
KeReadStateEvent
CcSetBcbOwnerPointer
IoRegisterDeviceInterface
RtlxOemStringToUnicodeSize
FsRtlAllocateFileLock
RtlFreeUnicodeString
ZwQuerySymbolicLinkObject
RtlUpcaseUnicodeChar
IoInitializeTimer
CcInitializeCacheMap
KeDetachProcess
KeSetTargetProcessorDpc
IoVolumeDeviceToDosName
IoRemoveShareAccess
ExIsProcessorFeaturePresent
KeGetCurrentThread
FsRtlFreeFileLock
PsSetLoadImageNotifyRoutine
RtlInitAnsiString
CcSetReadAheadGranularity
RtlHashUnicodeString
MmMapIoSpace
IofCallDriver
IoQueryFileInformation
RtlCreateSecurityDescriptor
RtlOemToUnicodeN
RtlCopyString
RtlUnicodeToMultiByteN
MmAddVerifierThunks
RtlCopySid
MmHighestUserAddress
IoAllocateErrorLogEntry
RtlTimeToSecondsSince1980
ZwDeviceIoControlFile
RtlClearBits
CcRemapBcb
RtlInt64ToUnicodeString
KeResetEvent
IoGetDeviceProperty
ExInitializeResourceLite
PsChargeProcessPoolQuota
RtlQueryRegistryValues
MmCanFileBeTruncated
CcGetFileObjectFromBcb
KeSetSystemAffinityThread
FsRtlGetNextFileLock
ZwOpenKey
ObQueryNameString
SeUnlockSubjectContext
KeFlushQueuedDpcs
IoSetThreadHardErrorMode
IoReadPartitionTableEx
MmBuildMdlForNonPagedPool
RtlUpcaseUnicodeToOemN
IoSetStartIoAttributes
RtlEqualUnicodeString
IoCreateSynchronizationEvent
ExQueueWorkItem
RtlInitializeUnicodePrefix
KeReadStateTimer
IoCreateStreamFileObjectLite
ZwCreateSection
IoRegisterFileSystem
ExRaiseDatatypeMisalignment
MmUnmapIoSpace
MmAllocatePagesForMdl
CcUnpinRepinnedBcb
MmAdvanceMdl
IoBuildSynchronousFsdRequest
RtlFindLongestRunClear
CcPinMappedData
RtlTimeToTimeFields
SeQueryInformationToken
CcPinRead
IoStartNextPacket
ObCreateObject
KeSetEvent
RtlNtStatusToDosError
KeSetKernelStackSwapEnable
KeInitializeTimer
CcSetFileSizes
MmUnlockPages
PsGetCurrentProcess
RtlAddAccessAllowedAceEx
RtlRemoveUnicodePrefix
IoDetachDevice
ZwFreeVirtualMemory
ExGetSharedWaiterCount
RtlxUnicodeStringToAnsiSize
IoAllocateIrp
IoDeviceObjectType
PsReferencePrimaryToken
MmMapLockedPages
IoReleaseRemoveLockAndWaitEx
IoReleaseVpbSpinLock
CcMapData
MmIsThisAnNtAsSystem
IoReadPartitionTable
IoUpdateShareAccess
RtlWriteRegistryValue
CcFastMdlReadWait
FsRtlSplitLargeMcb
PsGetCurrentThread
IoStartTimer
RtlFreeAnsiString
IoGetDeviceInterfaceAlias
ZwQueryKey
KeDeregisterBugCheckCallback
KeRegisterBugCheckCallback
IoReleaseRemoveLockEx
IoFreeWorkItem
RtlGUIDFromString
MmProbeAndLockProcessPages
RtlEqualSid
FsRtlNotifyUninitializeSync
IoCreateSymbolicLink
CcPreparePinWrite
KeEnterCriticalRegion
IoOpenDeviceRegistryKey
IoSetDeviceToVerify
PoSetSystemState
KeInitializeMutex
RtlInitUnicodeString
PoCallDriver
SeFreePrivileges
KeBugCheckEx
IoDeleteDevice
CcSetDirtyPinnedData
IoWritePartitionTableEx
ZwPowerInformation
ZwNotifyChangeKey
RtlVerifyVersionInfo
IoCreateNotificationEvent
KeStackAttachProcess
IoStartPacket
ExReleaseFastMutexUnsafe
CcFastCopyRead
CcIsThereDirtyData
ExUuidCreate
RtlPrefixUnicodeString
KePulseEvent
RtlDeleteRegistryValue
IoCheckShareAccess
ProbeForWrite

Exports

Exports

?DispatchCover@@YG_KPAX@Z
?DispatchJoy@@YG_KPAX@Z
?DispatchLevel@@YG_KPAX@Z
?DispatchTarget@@YG_KPAX@Z

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.run
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.irun
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 512B - Virtual size: 203B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qwode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bist
Size: 512B - Virtual size: 387B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prun
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mode
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eode
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aode
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca11ac4e10438fe33823bcacee65b6bd

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.run Size: 1024B - Virtual size: 1024B

.irun Size: 7KB - Virtual size: 6KB

.debug Size: 512B - Virtual size: 203B

.dbg Size: 512B - Virtual size: 54B

.qwode Size: 512B - Virtual size: 64B

.bist Size: 512B - Virtual size: 387B

.prun Size: 12KB - Virtual size: 12KB

.data Size: 6KB - Virtual size: 15KB

.mode Size: 6KB - Virtual size: 5KB

.eode Size: 6KB - Virtual size: 5KB

.aode Size: 3KB - Virtual size: 2KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 4KB - Virtual size: 4KB

.run
Size: 1024B - Virtual size: 1024B

.irun
Size: 7KB - Virtual size: 6KB

.debug
Size: 512B - Virtual size: 203B

.dbg
Size: 512B - Virtual size: 54B

.qwode
Size: 512B - Virtual size: 64B

.bist
Size: 512B - Virtual size: 387B

.prun
Size: 12KB - Virtual size: 12KB

.data
Size: 6KB - Virtual size: 15KB

.mode
Size: 6KB - Virtual size: 5KB

.eode
Size: 6KB - Virtual size: 5KB

.aode
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 512B - Virtual size: 292B