c4e64e943df75c44b8c3da7e22c91e5864d307606d41094cf9d8aaebdeb77baa

General

Target

c4e64e943df75c44b8c3da7e22c91e5864d307606d41094cf9d8aaebdeb77baa
Size

8KB
MD5

e4c81a390af2e94b58accfa8ffb829bd
SHA1

2b8bcb2c255cc70243a815a8459a7612a96b0d2f
SHA256

c4e64e943df75c44b8c3da7e22c91e5864d307606d41094cf9d8aaebdeb77baa
SHA512

477e51e27eb6f959b1e8fa6b85b74f3844c08966698a98ff0d8d5673983db92ec816f6b1e4c601601da60ad61fa72f5ca5db13f3e936677d4b54954083260756
SSDEEP

192:/8+6H3ALc1rqS9KDIBFwb9UjhBrBR9jWaTWD:n83lkuCUjb1RFWaTW

Score

N/A

Malware Config

Signatures

Files

c4e64e943df75c44b8c3da7e22c91e5864d307606d41094cf9d8aaebdeb77baa
.exe windows x86

87b7e1279f2034b278af243a34028113

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
wcsstr
ZwQueryValueKey
memset
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ExFreePool
_snwprintf
ZwEnumerateKey
ExAllocatePoolWithTag
KeDelayExecutionThread
_strnicmp
strlen
ZwWriteFile
sprintf
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
wcslen
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
PsGetVersion
IoRegisterDriverReinitialization
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
memcpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
KeServiceDescriptorTable

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 609B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87b7e1279f2034b278af243a34028113

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 640B - Virtual size: 609B

INIT Size: 1024B - Virtual size: 1004B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 470B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 640B - Virtual size: 609B

INIT
Size: 1024B - Virtual size: 1004B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 470B