93b010ae1d19226e11fa232da5b4189ced1fb165e54fc7503b09c1bd157be237

Sharing

Copy URL Twitter E-mail

General

Target

93b010ae1d19226e11fa232da5b4189ced1fb165e54fc7503b09c1bd157be237
Size

20KB
MD5

a4331cffdbd84a1a1ce6e90de981fef0
SHA1

37bb34ba6dc4446d2d72e991aea5f8c2fecbc511
SHA256

93b010ae1d19226e11fa232da5b4189ced1fb165e54fc7503b09c1bd157be237
SHA512

54671af587292cbd8738e64d08be3ad476051eea2ef3b5a6bb58b4afc0edb229e278c73563adf29d514224fef1b2fd0d971bb438f3ed2b17d49482116de2b397
SSDEEP

384:Z5aIdYgBsTNmN+DxpJ+i2VYqImfkpaVXeL6bUs8QjWi2jXEAlq:Z5ndYgBsTN0+pJDqJfh5wfiOD8

Score

N/A

Malware Config

Signatures

Files

93b010ae1d19226e11fa232da5b4189ced1fb165e54fc7503b09c1bd157be237
.dll windows x86

7bdd22ccfc0683c0629ca7a2edd65ba6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObMakeTemporaryObject
ObfReferenceObject
ZwClose
RtlInitUnicodeString
KeWaitForSingleObject
ZwWriteFile
KeReleaseMutex
ZwSetInformationFile
ZwQueryInformationFile
ZwCreateFile
ObfDereferenceObject
IoCreateDevice
_snwprintf
ObReferenceObjectByName
IoDriverObjectType
IoCreateDriver
_snprintf
RtlRandom
PsSetLoadImageNotifyRoutine
RtlWriteRegistryValue
memcpy
_allmul
memset
ZwReadFile
ZwOpenFile
PsRemoveLoadImageNotifyRoutine
KeInitializeMutex
ExFreePoolWithTag
FsRtlProcessFileLock
FsRtlFastUnlockAll
IoGetRequestorProcess
ObReferenceObjectByHandle
ZwDeviceIoControlFile
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
MmMapLockedPagesSpecifyCache
_strnicmp
IofCompleteRequest
RtlFillMemoryUlong
KeQuerySystemTime
strncpy
ExAllocatePoolWithTag
FsRtlInitializeFileLock
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
strchr
RtlImageDirectoryEntryToData
RtlImageNtHeader
strstr
_strlwr
ExAllocatePool
NtLockFile
atoi
KeUnstackDetachProcess
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
KeInsertQueueApc
KeInitializeApc
ZwFreeVirtualMemory
FsRtlAllocatePool
ZwAllocateVirtualMemory
KeStackAttachProcess
_except_handler3
KeTickCount
KeSetEvent
ZwOpenProcess
ExQueueWorkItem
PsGetCurrentProcessId
IoGetCurrentProcess
PsLookupThreadByThreadId
wcsstr
ZwQueryInformationProcess
PsLookupProcessByProcessId
RtlEqualUnicodeString
ZwQuerySystemInformation
PsGetProcessImageFileName
FsRtlIsNameInExpression
_alldiv
KeInitializeEvent

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bdd22ccfc0683c0629ca7a2edd65ba6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 25KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 25KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB