51355aa6650960440f3eaf8af31f6f68b196dc17136a307ed03fb83bdd6138d3

Sharing

Copy URL

Twitter E-mail

General

Target

51355aa6650960440f3eaf8af31f6f68b196dc17136a307ed03fb83bdd6138d3
Size

1.4MB
MD5

a2e171885f3ab5328cc60774d514538a
SHA1

b706221750043b1b62600ad699750a6178596fc9
SHA256

51355aa6650960440f3eaf8af31f6f68b196dc17136a307ed03fb83bdd6138d3
SHA512

789dfb6a2ebbad3d59b18343756ed04438877951e278a33ed117bbe1ee7ccf0d0e6cc568efedfce53e84d06abf5609693f8d10d7e0b37c1fb09835aa43aafd7a
SSDEEP

24576:zeoxuL11nXixjworZ4FFuz9cF18Em3PJ6DtpFyMXLD34z//xQ3lMt4+:Cl1nM9470Gyj3x0XXH3y//xQVMC

Score

1^/10

Malware Config

Signatures

Files

51355aa6650960440f3eaf8af31f6f68b196dc17136a307ed03fb83bdd6138d3
.exe windows x64

ce555e3a7dbc6890c3e764d4f1827b93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsGetProcessImageFileName
PsLookupProcessByProcessId
RtlInitUnicodeString
RtlCheckRegistryKey
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
tolower
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
PsTerminateSystemThread
RtlRandomEx
KeQueryTimeIncrement
ZwClose
RtlAppendUnicodeStringToString
RtlFreeAnsiString
RtlCopyUnicodeString
ObfDereferenceObject
ZwOpenFile
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
IoRegisterShutdownNotification
RtlAnsiStringToUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
ZwSetValueKey
PsSetCreateProcessNotifyRoutine
IoUnregisterShutdownNotification
IofCompleteRequest
RtlWriteRegistryValue
IoCreateSymbolicLink
IoCreateDevice
_strnicmp
ZwCreateKey
_wcsnicmp
ZwReadFile
ZwDeleteValueKey
ZwQueryInformationFile
ZwQuerySystemInformation
KeUnstackDetachProcess
KeDetachProcess
ZwWaitForSingleObject
RtlImageNtHeader
KeStackAttachProcess
ZwAllocateVirtualMemory
KeBugCheckEx
ProbeForRead
IoDeleteSymbolicLink
towlower
__C_specific_handler

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 48.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

W0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce555e3a7dbc6890c3e764d4f1827b93

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 48.2MB

.pdata Size: 1024B - Virtual size: 792B

INIT Size: 2KB - Virtual size: 1KB

W0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 48.2MB

.pdata
Size: 1024B - Virtual size: 792B

INIT
Size: 2KB - Virtual size: 1KB

W0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 1KB - Virtual size: 1KB