75377238f50d62e02df67d79587e4fc0e62629d5525eca7eba96ca31b6c2ede6

General

Target

75377238f50d62e02df67d79587e4fc0e62629d5525eca7eba96ca31b6c2ede6
Size

19KB
MD5

84a4c56a8883e73c674546674200658c
SHA1

ae88246e9a86d1c0600328d13ffd5001f7f174ff
SHA256

75377238f50d62e02df67d79587e4fc0e62629d5525eca7eba96ca31b6c2ede6
SHA512

352cac0374c4856cbe41202b554333e37af27ec1df00ee1b2e7d303f917c5105b92af847b861b882631f3ea4c17b459aab623bf6f51ee8eaf3c63d67c96ead6f
SSDEEP

384:9sKY/aLe/cajmjlbejUCD8YVta/cVlo2T:KKYCeQbenVtCn2T

Score

N/A

Malware Config

Signatures

Files

75377238f50d62e02df67d79587e4fc0e62629d5525eca7eba96ca31b6c2ede6
.dll windows x86

94e6bf02bbfe18c2f00ac522cfbd29c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
DbgPrint
IoGetCurrentProcess
PsLookupProcessByProcessId
KeAttachProcess
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
_except_handler3
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
NtOpenProcess
ZwDeviceIoControlFile
NtDeviceIoControlFile
ExAllocatePoolWithTag
MmGetPhysicalAddress
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
MmAllocateNonCachedMemory
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ZwOpenSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
PsLookupThreadByThreadId
ExFreePool
ObReferenceObjectByHandle

hal

HalTranslateBusAddress

Exports

Exports

_NtGdiGetPixel_Vir@12

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e6bf02bbfe18c2f00ac522cfbd29c7

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 288B

.edata Size: 512B - Virtual size: 82B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 288B

.edata
Size: 512B - Virtual size: 82B

.reloc
Size: 2KB - Virtual size: 1KB