dd46f5becd0f4c2b37641095f0e19acadced0a995dd0b37e78ab15eabcb76fc9

Sharing

Copy URL Twitter E-mail

General

Target

dd46f5becd0f4c2b37641095f0e19acadced0a995dd0b37e78ab15eabcb76fc9
Size

47KB
MD5

ce4b4300fa21292154426d06404f0cef
SHA1

2792d70c298808f1704e6389602f070017254256
SHA256

dd46f5becd0f4c2b37641095f0e19acadced0a995dd0b37e78ab15eabcb76fc9
SHA512

01654834e1d2b4a2c801443e016af57991188ed4455c8d5de045974111a3c124d3954b9b2690a55f5fdb5aead25ca7cf69717a1f1218f0f8c16e01bbe509940d
SSDEEP

768:oSh1lFe4NktT+/LQiOAPuDSsSgngoY2mP8aL/Wy79UccljJ:oq1lFe4NktTikwurSWTY2m7W09wBJ

Score

N/A

Malware Config

Signatures

Files

dd46f5becd0f4c2b37641095f0e19acadced0a995dd0b37e78ab15eabcb76fc9
.exe windows x86

55e8e84d28f46f97166f5c07aa795371

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
KeDelayExecutionThread
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
strstr
ZwClose
ZwReadFile
ZwCreateFile
NtBuildNumber
PsTerminateSystemThread
InterlockedDecrement
InterlockedIncrement
PsCreateSystemThread
wcslen
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcsrchr
ZwWriteFile
ZwQueryInformationFile
wcsstr
mbstowcs
strncpy
ExInitializeNPagedLookasideList
KeInitializeSpinLock
_wcsicmp
ObfDereferenceObject
ExInterlockedPushEntrySList
ExDeleteNPagedLookasideList
KeServiceDescriptorTable
ObReferenceObjectByHandle
ExGetPreviousMode
wcsncat
MmIsAddressValid
wcsncpy
ObQueryNameString
_except_handler3
_wcsnicmp
_wcslwr
ZwCreateKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeleteValueKey
ZwDeleteKey
ZwSetValueKey
InterlockedExchange
ObReferenceObjectByName
IoDriverObjectType
IoFileObjectType
PsProcessType
MmGetSystemRoutineAddress
MmSystemRangeStart
IoGetDeviceObjectPointer
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ObReferenceObjectByPointer
MmSectionObjectType
ZwQuerySystemInformation
RtlEqualUnicodeString
_strnicmp
IofCompleteRequest
wcscpy
IoGetCurrentProcess
ExInterlockedPopEntrySList
strncmp

hal

KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KfLowerIrql
KfAcquireSpinLock

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55e8e84d28f46f97166f5c07aa795371

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 448B - Virtual size: 420B

.data Size: 16KB - Virtual size: 16KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 448B - Virtual size: 420B

.data
Size: 16KB - Virtual size: 16KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB