7a94689afbcfb759f81b41eebf532f50c819f7edd4bf14957c8d75df179ccb43

Sharing

Copy URL Twitter E-mail

General

Target

7a94689afbcfb759f81b41eebf532f50c819f7edd4bf14957c8d75df179ccb43
Size

18KB
MD5

5fb60771a55e7e1a25488969e8eab92a
SHA1

f3ac05a28b60054695bf5778a804bb2df1ab0f1c
SHA256

7a94689afbcfb759f81b41eebf532f50c819f7edd4bf14957c8d75df179ccb43
SHA512

a38f4dbd394b64b9513c4fd9ac01c1c762a92440ca1fe1686940cadd1b3508d48ceb6c7f18ab110bb39155e88b42efef97acc2bdb1fa897733833df2a304ba59
SSDEEP

384:L4OfOSYWLUW7KxBd4fu7z87EX2LPDhy+w3B4fnlk/r:T12s79K/r

Score

1^/10

Malware Config

Signatures

Files

7a94689afbcfb759f81b41eebf532f50c819f7edd4bf14957c8d75df179ccb43
.exe windows x86

a9a599d9ff0b178e5c2f45b7536bd70b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcslen
RtlInitUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcscat
_wcsnicmp
ExFreePoolWithTag
DbgPrint
ZwQueryInformationProcess
ZwOpenProcess
IoGetCurrentProcess
ObReferenceObjectByHandle
strncpy
ExfInterlockedInsertHeadList
_stricmp
_strnicmp
ZwQueryValueKey
ZwOpenKey
strstr
sprintf
ZwReadFile
ZwCreateFile
RtlAppendUnicodeToString
ZwClose
ExfInterlockedRemoveHeadList
IofCompleteRequest
strncmp
KeInitializeSpinLock
PsGetCurrentProcessId
_wcsicmp
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
ZwEnumerateValueKey
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
strncat
ObQueryNameString
ObfDereferenceObject
strrchr
ExAllocatePoolWithTag
ExfInterlockedInsertTailList
PsGetVersion

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 640B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9a599d9ff0b178e5c2f45b7536bd70b

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 2KB

PAGE Size: 640B - Virtual size: 571B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 2KB

PAGE
Size: 640B - Virtual size: 571B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 1KB - Virtual size: 1KB