b16a2f6611473bd993a7ce226168ee05edbead0ad9b5f00cce0469df0adb7bb7

General

Target

b16a2f6611473bd993a7ce226168ee05edbead0ad9b5f00cce0469df0adb7bb7
Size

50KB
MD5

4a59c5fd5c5224af0247254341b8a482
SHA1

a50e2beb0d21a0f0cc65807aedb9d1bc69fcfeed
SHA256

b16a2f6611473bd993a7ce226168ee05edbead0ad9b5f00cce0469df0adb7bb7
SHA512

c7aea12060603b9a47dc976660e38eacb194719262a643b2d0917083cf789b888d03073857c4e5c8be4748ad9f7021600fe620043e0e16a3cf8e280482c92e17
SSDEEP

768:ZhruwswZSL6raNZuSIzptXxQHfxjCi1PZbG2jpJFNB:ZhSws8SLZNBIlhgpjbxVTFNB

Score

N/A

Malware Config

Signatures

Files

b16a2f6611473bd993a7ce226168ee05edbead0ad9b5f00cce0469df0adb7bb7
.dll windows x86

df4d26b82a4b1721588158e1eea94327

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoRequestDeviceEject
READ_REGISTER_BUFFER_USHORT
RtlAppendAsciizToString
IoGetBaseFileSystemDeviceObject
ObGetObjectSecurity
CcUnpinDataForThread
NtQueryEaFile
NtDeleteAtom
ExAllocatePool
IoCheckFunctionAccess
IoGetDeviceToVerify
NtQueryInformationFile
ExNotifyCallback
DbgPrompt
isupper
SeSetSecurityDescriptorInfoEx
KeReadStateMutex
IoAllocateMdl
ZwQuerySystemInformation
ExFreePool
RtlGenerate8dot3Name
memcpy
_except_handler2
KeInitializeTimerEx
KeSetTimerEx
FsRtlNotifyFullChangeDirectory
SeCreateClientSecurityFromSubjectContext
KeCancelTimer
ExIsProcessorFeaturePresent
KeInitializeDpc
SeQuerySessionIdToken
NtUnlockFile
CcSetDirtyPageThreshold
HalDispatchTable
RtlEqualString
IoAllocateController
KeDelayExecutionThread
KiCoprocessorError
RtlDecompressBuffer
IoRegisterBootDriverReinitialization
SePrivilegeObjectAuditAlarm
NtGlobalFlag

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df4d26b82a4b1721588158e1eea94327

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 29KB - Virtual size: 29KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 29KB - Virtual size: 29KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB